Improper Resource Shutdown or Release vulnerability in KrakenD, SLU KrakenD-CE (CircuitBreaker modules), KrakenD, SLU KrakenD-EE (CircuitBreaker modules). This issue affects KrakenD-CE: before 2.13.1; KrakenD-EE: before 2.12.5.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00047.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
KrakenD KrakenD-CE unaffected
Version Status Constraints
0 affected
< 2.13.1
KrakenD KrakenD-EE unaffected
Version Status Constraints
0 affected
< 2.12.5

No data.

No data.

Vendor Product Confidence Versions
Krakend Krakend-ce 95%
Version Status Scheme Platform
[0,2.13.1)
 affected generic
Krakend Krakend-ee 95%
Version Status Scheme Platform
[0,2.12.5)
 affected generic

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Subscriptions

Vendors Products
Krakend Subscribe
Krakend-ce Subscribe
Krakend-ee Subscribe

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Fixes

Solution

Vulnerability has been fixed. Patched versions are available.

Workaround

No workaround given by the vendor.

References
Link Providers
https://www.krakend.io/blog/krakend-2.13.1-release-notes/ cve-icon cve-icon
https://www.krakend.io/blog/krakend-ee-2.12.5-release-notes/ cve-icon cve-icon
History

Wed, 25 Feb 2026 17:30:00 +0000

Type Values Removed Values Added
References

Wed, 25 Feb 2026 16:45:00 +0000

Type Values Removed Values Added
Description Improper Resource Shutdown or Release vulnerability in KrakenD, SLU KrakenD-CE (CircuitBreaker modules), KrakenD, SLU KrakenD-EE (CircuitBreaker modules). This issue affects KrakenD-CE: before 2.13.1; KrakenD-EE: before 2.13.0. Improper Resource Shutdown or Release vulnerability in KrakenD, SLU KrakenD-CE (CircuitBreaker modules), KrakenD, SLU KrakenD-EE (CircuitBreaker modules). This issue affects KrakenD-CE: before 2.13.1; KrakenD-EE: before 2.12.5.
References

Wed, 25 Feb 2026 15:45:00 +0000

Type Values Removed Values Added
Description Improper Resource Shutdown or Release vulnerability in KrakenD, SLU KrakenD-CE (CircuitBreaker modules), KrakenD, SLU KrakenD-EE (CircuitBreaker modules). This issue affects KrakenD-CE: before 2.13.1; KrakenD-EE: before 2.13.0.
Title Improper management of context cancelations
First Time appeared Krakend
Krakend krakend-ce
Krakend krakend-ee
Weaknesses CWE-404
CPEs cpe:2.3:a:krakend:krakend-ce:*:*:*:*:*:*:*:*
cpe:2.3:a:krakend:krakend-ee:*:*:*:*:*:*:*:*
Vendors & Products Krakend
Krakend krakend-ce
Krakend krakend-ee
References
Metrics cvssV4_0

{'score': 1.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/S:N/AU:Y/R:A/V:D/RE:L/U:Clear'}
cve-icon MITRE

Status: PUBLISHED

Assigner: KrakenD

Published:

Updated: 2026-02-25T20:21:08.239Z

Reserved: 2026-02-25T15:11:30.701Z

Link: CVE-2026-3206

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-02-25T16:23:30.423

Modified: 2026-02-27T14:06:59.787

Link: CVE-2026-3206

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-02-26T13:15:55Z

Weaknesses