Description
Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations for authentication to BigQuery services. During connector configuration, users can supply credential JSON files that are processed by Google authentication libraries. The service fails to validate externally-sourced credential configurations before passing them to the authentication libraries. An attacker can exploit this by providing a malicious credential configuration containing crafted credential_source.file paths or credential_source.url endpoints, resulting in arbitrary file reads or SSRF attacks.
Published: 2026-01-16
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary File Read
Action: Patch Now
AI Analysis

Impact

Kafka Connect BigQuery Connector versions prior to 2.11.0 allow an attacker to supply a malicious credential configuration when setting up the connector. The connector forwards the JSON credential file—including any credential_source.file paths or credential_source.url entries—to Google authentication libraries without validating the sources. This omission permits the attacker to read arbitrary files from the host or trigger Server‑Side Request Forgery against internal or external URLs. The weakness is a path traversal (CWE‑73) and a SSRF failure (CWE‑918).

Affected Systems

The vulnerability affects the Aiven-Open:bigquery-connector-for-apache-kafka product. All released connector versions before v2.11.0 are susceptible. Users should verify their deployed connector version and update to v2.11.0 or later to remove the flaw.

Risk and Exploitability

The CVSS base score is 7.7, indicating a high impact. The EPSS score of less than 1% suggests a low probability of widespread exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. The most likely attack vector occurs during connector configuration, where an attacker with the ability to submit or modify the credential JSON can trigger the read or SSRF. Failing to patch may result in disclosure of sensitive files or unintended network traffic from the connector host.

Generated by OpenCVE AI on April 18, 2026 at 16:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the v2.11.0 patch or newer to the Aiven BigQuery Connector; this patch fixes the CWE‑73 path traversal and CWE‑918 SSRF issues.
  • If patching is delayed, disable the use of external credential_source.file or credential_source.url entries in the connector configuration until a secure version is deployed
  • Implement input validation to mitigate CWE‑73 and CWE‑918 weaknesses by strictly enforcing that only trusted credential_source.file paths and URLs are accepted, and by sanitizing any user supplied data before passing it to Google authentication libraries.

Generated by OpenCVE AI on April 18, 2026 at 16:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 19 Jan 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Aiven
Aiven bigquery-connector-for-apache-kafka
Vendors & Products Aiven
Aiven bigquery-connector-for-apache-kafka

Fri, 16 Jan 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 16 Jan 2026 17:00:00 +0000

Type Values Removed Values Added
Description Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations for authentication to BigQuery services. During connector configuration, users can supply credential JSON files that are processed by Google authentication libraries. The service fails to validate externally-sourced credential configurations before passing them to the authentication libraries. An attacker can exploit this by providing a malicious credential configuration containing crafted credential_source.file paths or credential_source.url endpoints, resulting in arbitrary file reads or SSRF attacks.
Title Arbitrary File Read in Google BigQuery Sink connector
Weaknesses CWE-73
CWE-918
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}

Subscriptions

Aiven Bigquery-connector-for-apache-kafka
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-16T17:24:03.843Z

Reserved: 2026-01-13T18:22:43.981Z

Link: CVE-2026-23529

cve-icon Vulnrichment

Updated: 2026-01-16T17:23:59.008Z

cve-icon NVD

Status : Deferred

Published: 2026-01-16T17:15:54.783

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-23529

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T16:15:04Z

Weaknesses