CVE-2026-23529: CWE-73: External Control of File Name or Path in Aiven-Open bigquery-connector-for-apache-kafka
Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations for authentication to BigQuery services. During connector configuration, users can supply credential JSON files that are processed by Google authentication libraries. The service fails to validate externally-sourced credential configurations before passing them to the authentication libraries. An attacker can exploit this by providing a malicious credential configuration containing crafted credential_source.file paths or credential_source.url endpoints, resulting in arbitrary file reads or SSRF attacks.
AI Analysis
Technical Summary
The vulnerability CVE-2026-23529 affects the Aiven-Open BigQuery Connector for Apache Kafka versions prior to 2.11.0. This connector facilitates data streaming from Apache Kafka to Google BigQuery by using Google Cloud credentials for authentication. The flaw lies in the connector's failure to validate externally supplied credential JSON files before processing them with Google authentication libraries. Specifically, an attacker can craft malicious credential configurations containing manipulated credential_source.file paths or credential_source.url endpoints. This manipulation enables arbitrary file reads on the host system or Server-Side Request Forgery (SSRF) attacks, potentially allowing attackers to access sensitive files or internal network resources. The vulnerability requires the attacker to have the ability to configure the connector, implying some level of privilege, but does not require user interaction. The CVSS v3.1 score is 7.7 (high), reflecting network attack vector, low attack complexity, requiring privileges but no user interaction, and a high impact on confidentiality without affecting integrity or availability. No public exploits have been reported yet, but the vulnerability poses a significant risk to organizations relying on this connector for their Kafka to BigQuery data pipelines.
Potential Impact
For European organizations, this vulnerability could lead to unauthorized disclosure of sensitive data through arbitrary file reads, potentially exposing credentials, configuration files, or other critical information stored on systems running the vulnerable connector. SSRF exploitation could allow attackers to pivot into internal networks, accessing internal services that are otherwise protected, increasing the risk of further compromise. Organizations handling sensitive or regulated data, such as financial institutions, healthcare providers, and government agencies, face heightened risks of data breaches and compliance violations under GDPR. The disruption of data pipelines could also impact business operations reliant on real-time analytics and reporting. Since the vulnerability requires configuration privileges, insider threats or compromised accounts with such permissions are particularly concerning. The lack of known exploits in the wild suggests a window for proactive mitigation before widespread attacks occur.
Mitigation Recommendations
The primary mitigation is to upgrade the Aiven-Open BigQuery Connector for Apache Kafka to version 2.11.0 or later, where this vulnerability is addressed. Until upgrading is possible, organizations should enforce strict access controls on who can configure the connector to prevent unauthorized or malicious credential configurations. Implement validation and sanitization of credential JSON files before they are used by the connector, possibly by integrating additional security checks or using hardened credential management processes. Network segmentation and firewall rules should be applied to limit the connector's ability to reach internal resources, reducing SSRF impact. Monitoring and logging of connector configuration changes and authentication attempts can help detect suspicious activity. Additionally, conduct regular security audits of data pipeline components and credential handling practices to identify and remediate potential weaknesses.
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Switzerland
CVE-2026-23529: CWE-73: External Control of File Name or Path in Aiven-Open bigquery-connector-for-apache-kafka
Description
Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations for authentication to BigQuery services. During connector configuration, users can supply credential JSON files that are processed by Google authentication libraries. The service fails to validate externally-sourced credential configurations before passing them to the authentication libraries. An attacker can exploit this by providing a malicious credential configuration containing crafted credential_source.file paths or credential_source.url endpoints, resulting in arbitrary file reads or SSRF attacks.
AI-Powered Analysis
Technical Analysis
The vulnerability CVE-2026-23529 affects the Aiven-Open BigQuery Connector for Apache Kafka versions prior to 2.11.0. This connector facilitates data streaming from Apache Kafka to Google BigQuery by using Google Cloud credentials for authentication. The flaw lies in the connector's failure to validate externally supplied credential JSON files before processing them with Google authentication libraries. Specifically, an attacker can craft malicious credential configurations containing manipulated credential_source.file paths or credential_source.url endpoints. This manipulation enables arbitrary file reads on the host system or Server-Side Request Forgery (SSRF) attacks, potentially allowing attackers to access sensitive files or internal network resources. The vulnerability requires the attacker to have the ability to configure the connector, implying some level of privilege, but does not require user interaction. The CVSS v3.1 score is 7.7 (high), reflecting network attack vector, low attack complexity, requiring privileges but no user interaction, and a high impact on confidentiality without affecting integrity or availability. No public exploits have been reported yet, but the vulnerability poses a significant risk to organizations relying on this connector for their Kafka to BigQuery data pipelines.
Potential Impact
For European organizations, this vulnerability could lead to unauthorized disclosure of sensitive data through arbitrary file reads, potentially exposing credentials, configuration files, or other critical information stored on systems running the vulnerable connector. SSRF exploitation could allow attackers to pivot into internal networks, accessing internal services that are otherwise protected, increasing the risk of further compromise. Organizations handling sensitive or regulated data, such as financial institutions, healthcare providers, and government agencies, face heightened risks of data breaches and compliance violations under GDPR. The disruption of data pipelines could also impact business operations reliant on real-time analytics and reporting. Since the vulnerability requires configuration privileges, insider threats or compromised accounts with such permissions are particularly concerning. The lack of known exploits in the wild suggests a window for proactive mitigation before widespread attacks occur.
Mitigation Recommendations
The primary mitigation is to upgrade the Aiven-Open BigQuery Connector for Apache Kafka to version 2.11.0 or later, where this vulnerability is addressed. Until upgrading is possible, organizations should enforce strict access controls on who can configure the connector to prevent unauthorized or malicious credential configurations. Implement validation and sanitization of credential JSON files before they are used by the connector, possibly by integrating additional security checks or using hardened credential management processes. Network segmentation and firewall rules should be applied to limit the connector's ability to reach internal resources, reducing SSRF impact. Monitoring and logging of connector configuration changes and authentication attempts can help detect suspicious activity. Additionally, conduct regular security audits of data pipeline components and credential handling practices to identify and remediate potential weaknesses.
Affected Countries
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-01-13T18:22:43.981Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 696a701db22c7ad868c0d111
Added to database: 1/16/2026, 5:06:37 PM
Last enriched: 1/16/2026, 5:20:56 PM
Last updated: 1/16/2026, 10:00:48 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-21223: CWE-269: Improper Privilege Management in Microsoft Microsoft Edge (Chromium-based)
UnknownCVE-2026-20960: CWE-285: Improper Authorization in Microsoft Microsoft Power Apps
HighCVE-2025-56451: n/a
HighCVE-2026-23800: CWE-266 Incorrect Privilege Assignment in Modular DS
CriticalCVE-2026-23744: CWE-306: Missing Authentication for Critical Function in MCPJam inspector
CriticalActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.