Hi Apoorva,

This is an open source project, so you can search JIRA or check the
source code to find the answer.
For the first one, CVE-2025-67030, you will find this ticket after searching for it:
https://issues.apache.org/jira/browse/KAFKA-20373

And it shows it'll be included in v4.2.1/v4.3.0.

If you find it is not fixed yet, submitting PRs to fix them is highly
appreciated.

Thank you,
Luke



On Fri, May 15, 2026 at 2:18 PM Apoorva Maheshwari via users <
[email protected]> wrote:

> Hello Team,
>
> Could you please confirm the plan to release a new Kafka version that
> includes fixes for vulnerabilities identified primarily in transient
> dependencies such as Jetty, log4j, Jackson, and a few others?
>
> Below is the list of identified vulnerabilities for reference:
>
> CVE-2025-67030
> CVE-2026-39882
> CVE-2026-41078
> CVE-2026-40894
> CVE-2026-34477
> CVE-2026-34478
> CVE-2026-34479
> CVE-2026-34480
> CVE-2026-34481
> CVE-2026-1605
> CVE-2025-11143
> CVE-2026-2332
> CVE-2026-5795
> GHSA-72hv-8253-57qq
>
> Regards
> Apoorva Maheshwari
>
