CVE-2026-3206 PUBLISHED

Improper management of context cancelations

Assigner: KrakenD
Reserved: 25.02.2026 Published: 25.02.2026 Updated: 25.02.2026

Improper Resource Shutdown or Release vulnerability in the CircuitBreaker modules of KrakenD, SLU KrakenD-CE and KrakenD, SLU KrakenD-EE. This issue affects KrakenD-CE before 2.13.1 and KrakenD-EE before 2.13.0.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/S:N/AU:Y/R:A/V:D/RE:L/U:Clear
CVSS Score: 1.3

Product Status

Vendor: KrakenD
Product: KrakenD-CE
Versions: Default: unaffected
  • affected from 0 to 2.13.1 (excl.)

Vendor: KrakenD
Product: KrakenD-EE
Versions: Default: unaffected
  • affected from 0 to 2.13.0 (excl.)

Solutions

Vulnerability has been fixed. Patched versions are available.

Problem Types

  • CWE-404 Improper Resource Shutdown or Release