Cyber Resilience

CVE-2026-23529

High

Published: 16 January 2026
Modified: 15 April 2026
KEV Added
Patch
CVSS Score v3.1: 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
EPSS Score: 0.0004 (11.2th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-23529 is a high-severity External Control of File Name or Path (CWE-73) vulnerability in Google BigQuery (inferred from references). Its CVSS base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 11.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-23529 is a vulnerability in Aiven's Google BigQuery Kafka Connect Sink connector, an implementation of a sink connector from Apache Kafka to Google BigQuery, affecting versions prior to 2.11.0. The issue stems from insufficient validation of externally sourced Google Cloud credential configurations, which are processed by Google authentication libraries during connector setup. Attackers can supply malicious credential JSON files with crafted credential_source.file paths or credential_source.url endpoints, enabling arbitrary file reads or server-side request forgery (SSRF) attacks. The vulnerability is rated 7.7 on the CVSS 3.1 scale (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) and maps to CWE-73 (External Control of File Name or Path) and CWE-918 (Server-Side Request Forgery).

Exploitation requires low privileges (PR:L), typically allowing an authenticated user with access to configure the connector—such as an operator or administrator in a Kafka Connect environment—to submit a malicious credential configuration. Successful exploitation grants network-accessible attackers the ability to read arbitrary files on the host system running the connector or trigger SSRF to internal or external endpoints, achieving high confidentiality impact across the changed scope without affecting integrity or availability.

Advisories and patches recommend upgrading to version 2.11.0 of the Aiven Google BigQuery Kafka Connect Sink connector, where the fix is implemented via commit 20ea3921c6fe72d605a033c1943b20f49eaba981. Google's support bulletin (gcp-2025-005) and the GitHub security advisory (GHSA-3mg8-2g53-5gj4) detail the issue and mitigation, emphasizing validation of credential configurations prior to processing by authentication libraries.
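As an added example (not code from the connector, its patch, or the advisories), the following Python check shows one way an operator could screen a credential JSON document for the two credential_source fields named above before submitting it to a connector. The function name and the sample documents are constructed for illustration.

```python
import json

# The two credential_source fields this advisory names as abusable.
RISKY_SOURCE_KEYS = ("file", "url")

def audit_credential_config(raw_json):
    """Return findings for one credential JSON document; an empty list means none."""
    try:
        doc = json.loads(raw_json)
    except (TypeError, ValueError) as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(doc, dict):
        return ["top-level value is not a JSON object"]
    source = doc.get("credential_source")
    if source is None:
        return []  # no credential_source block, nothing to flag
    if not isinstance(source, dict):
        return ["credential_source is not a JSON object"]
    return [
        f"credential_source.{key} is set to {source[key]!r}"
        for key in RISKY_SOURCE_KEYS
        if key in source
    ]

# Constructed sample documents (placeholder values, not real credentials).
SAMPLES = {
    "plain-key": '{"type": "service_account", "project_id": "example-project"}',
    "file-source": '{"type": "external_account",'
                   ' "credential_source": {"file": "/placeholder/path"}}',
    "url-source": '{"type": "external_account",'
                  ' "credential_source": {"url": "http://placeholder.invalid/token"}}',
    "truncated": '{"type": "external_account", "credential_source": ',
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        findings = audit_credential_config(raw)
        print(name, "->", findings if findings else "no findings")
```

A non-empty result marks a document for manual review before it is accepted; malformed input is reported as a finding rather than silently passed.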


Vulnerability details

Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations for authentication to BigQuery services. During connector configuration, users can supply credential JSON files that are processed by Google authentication libraries. The service fails to validate externally-sourced credential configurations before passing them to the authentication libraries. An attacker can exploit this by providing a malicious credential configuration containing crafted credential_source.file paths or credential_source.url endpoints, resulting in arbitrary file reads or SSRF attacks.


Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

Arbitrary file read capability from crafted credential configs directly enables T1005 for local system data access.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-48920 (Shared CWE-73)
CVE-2026-41060 (Shared CWE-918)
CVE-2024-12036 (Shared CWE-73)
CVE-2026-34428 (Shared CWE-918)
CVE-2026-47357 (Shared CWE-73, CWE-918)
CVE-2026-33354 (Shared CWE-73)
CVE-2026-43891 (Shared CWE-73)
CVE-2025-13096 (Shared CWE-918)
CVE-2025-14610 (Shared CWE-918)
CVE-2026-5210 (Shared CWE-73)

Affected Assets

Google
BigQuery
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-10 requires validation of information inputs at system interfaces, directly addressing the lack of validation on credential JSON configurations that enables arbitrary file reads and SSRF.

prevent

SI-2 mandates timely remediation of flaws, mitigating this vulnerability by requiring upgrade to the patched version 2.11.0 that implements proper credential validation.

prevent

CM-5 restricts access to configuration changes, limiting low-privileged users' ability to submit malicious connector configurations.
