Donate Telegram

CVE-2026-24308

NONE EPSS 0.02%

Mar 07, 2026

Updated Mar 07, 2026

Apache

Parameter	Value
Fixed In	3.8.6
Type	CWE-532
Vendor	Apache
Public PoC	No

Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential production systems affected by the issue. Users are recommended to upgrade to version 3.8.6 or 3.9.5 which fixes this issue.

Weakness Type (CWE)

References 2

https://lists.apache.org/thread/qng3rtzv2pqkmko4rhv85jfplkyrgqdr

security@apache.org

http://www.openwall.com/lists/oss-security/2026/03/07/5

af854a3a-2127-422b-91ae-364da2661108

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-33704

Apache

CVE-2026-40023

Apache

CVE-2026-40021

Apache

CVE-2026-34481

Apache

CVE-2026-34480

Apache

CVE Details

CVE ID

CVE-2026-24308

Published Date

Mar 07, 2026

Vendor

Apache

Severity

NONE

Exploit Prediction (EPSS)

Probability of Exploit 0.02%

Likelihood of exploitation in next 30 days

Percentile: 6.6th percentile (higher than 6.6% of all CVEs)

Standard patching cycle

Impact

Minimal impact

Source

Editor's Choice