CVE-2026-24281 | Apache ZooKeeper up to 3.8.5/3.9.4 ZKTrustManager certificate host validation

Inserito da Angelo Barbosa | Mar 7, 2026 | CVE

A vulnerability identified as critical has been detected in Apache ZooKeeper up to 3.8.5/3.9.4. This issue affects some unknown processing of the component ZKTrustManager. Performing a manipulation results in certificate with host mismatch.

This vulnerability is reported as CVE-2026-24281. The attack is possible to be carried out remotely. No exploit exists.

You should upgrade the affected component.

CVE-2026-24281 | Apache ZooKeeper up to 3.8.5/3.9.4 ZKTrustManager certificate host validation

Post correlati

CVE-2024-40089 | Vilo Mesh WiFi System up to 5.16.1.33 Device Name command injection

CVE-2024-6522 | Modern Events Calendar Plugin up to 7.12.1 on WordPress server-side request forgery

CVE-2025-47813 | wftpserver Wing FTP Server up to 7.4.3 Cookie loginok.html UID information exposure

CVE-2025-10484 | Registration & Login with Mobile Phone Number for WooCommerce Plugin fma_lwp_set_session_php_fun improper authentication