Apache ZooKeeper Flaw Exposes Sensitive Data to Attackers - gbhackers.com
By Divya
March 9, 2026
Apache ZooKeeper, a centralized service used for maintaining configuration information and naming in distributed systems, has received critical security updates.
The Apache Software Foundation recently addressed two “Important” severity vulnerabilities that could expose sensitive data and allow server impersonation in production environments.
Configuration and Hostname Verification Flaws
The first vulnerability, identified as CVE-2026-24308, involves sensitive information disclosure caused by improper configuration handling.
Within the ZKConfig component, the system mistakenly logs configuration values at the INFO level.
As a result, sensitive credentials and system settings are written directly into the client’s log file in plain text.
Because INFO-level logging is frequently enabled by default in production systems, this flaw presents a substantial risk of data exposure to any user or attacker with log access.
Security researcher Youlong Chen was credited with discovering and reporting this vulnerability.
The second vulnerability, CVE-2026-24281, is a hostname verification bypass within the ZKTrustManager.
When standard IP Subject Alternative Name (SAN) validation fails, the system automatically falls back to a reverse DNS (PTR) lookup.
Attackers who can control or spoof these PTR records can manipulate this fallback mechanism to impersonate valid ZooKeeper servers or clients.
To successfully exploit this, an attacker must present a digital certificate that is trusted by the ZKTrustManager.
While this prerequisite makes the attack more complex, the risk remains significant for targeted networks. Nikita Markevich reported this flaw, which is tracked internally as ZOOKEEPER-4986.
| CVE ID | Severity | Description | Affected Versions |
| --- | --- | --- | --- |
| CVE-2026-24308 | Important | Sensitive information disclosure in client configuration logs via ZKConfig at INFO level. | 3.8.0 – 3.8.5, 3.9.0 – 3.9.4 |
| CVE-2026-24281 | Important | Hostname verification bypass via reverse-DNS fallback in ZKTrustManager. | 3.8.0 – 3.8.5, 3.9.0 – 3.9.4 |
Mitigation and Remediation Steps
Both vulnerabilities impact the same software versions, specifically the 3.8.x branch up to 3.8.5 and the 3.9.x branch up to 3.9.4.
To protect distributed infrastructure, administrators must apply the provided software updates immediately.
The Apache Security team advises all users to upgrade their ZooKeeper deployments to version 3.8.6 or 3.9.5, which resolve both security issues.
Applying these updates introduces critical architectural fixes. For the logging vulnerability, the update prevents sensitive configuration data from flowing into standard operational logs.
For the hostname bypass flaw, the patched versions introduce a new configuration option designed to disable reverse DNS lookups entirely across client and quorum protocols.
By removing the PTR fallback mechanism, the update permanently eliminates the spoofing vector.
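The verification order described for CVE-2026-24281 can be modelled in a few lines. This is an added example, not ZooKeeper's code: the DNS-SAN comparison after the PTR lookup, the `allow_reverse_dns` switch, and all addresses and hostnames are assumptions made for illustration.

```python
import ipaddress

def ip_san_matches(peer_ip, sans):
    ip = ipaddress.ip_address(peer_ip)
    return any(ip == ipaddress.ip_address(s) for s in sans.get("ip", []))

def dns_san_matches(name, sans):
    host = name.rstrip(".").lower()
    return any(host == s.rstrip(".").lower() for s in sans.get("dns", []))

def verify_peer(peer_ip, sans, ptr_lookup, allow_reverse_dns):
    """Simplified model; `sans` come from a certificate whose chain is already trusted.
    allow_reverse_dns is a hypothetical switch standing in for the new option."""
    if ip_san_matches(peer_ip, sans):
        return "ok:ip-san"
    if not allow_reverse_dns:
        return "reject:no-ip-san"
    name = ptr_lookup(peer_ip)          # the answer comes from DNS, not the cert
    if name and dns_san_matches(name, sans):
        return "ok:ptr-fallback"
    return "reject:ptr-mismatch"

# Constructed data: documentation addresses and example hostnames.
PTR_ZONE = {"192.0.2.66": "batch01.corp.example."}
PEERS = {
    "192.0.2.5":  {"ip": ["192.0.2.5"], "dns": ["zk1.corp.example"]},
    "192.0.2.66": {"ip": [], "dns": ["batch01.corp.example"]},
    "192.0.2.77": {"ip": [], "dns": ["zk3.corp.example"]},
}

def ptr_dependent(peers, ptr_lookup):
    """Peers accepted only because of the PTR answer; they fail once the fallback is off."""
    return sorted(ip for ip, sans in peers.items()
                  if verify_peer(ip, sans, ptr_lookup, True) == "ok:ptr-fallback")

if __name__ == "__main__":
    for ip, sans in PEERS.items():
        print(ip, verify_peer(ip, sans, PTR_ZONE.get, True),
              verify_peer(ip, sans, PTR_ZONE.get, False))
```

In this model, any peer returned by `ptr_dependent` is trusted on the strength of a DNS answer alone, so its certificate needs an IP SAN before the fallback is switched off.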
Additionally, security teams should actively audit past INFO-level logs to ensure no credentials were leaked prior to patching.
Administrators are advised to rotate any exposed passwords or authentication keys discovered in previous log files to maintain complete system security.
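One way to run the log audit described above, as an added example that is not part of the original article: it flags secret-looking configuration keys written at INFO level, reports only line numbers and key names, and produces a redacted copy. The log layout and the key-name heuristic are assumptions, and the sample lines are constructed.

```python
import re

# Constructed sample client log. Real line layout depends on the logging pattern,
# so matching relies only on the INFO level and key=value pairs.
SAMPLE_LOG = """\
2026-03-01 10:00:01 INFO ZKConfig - zookeeper.client.secure=true
2026-03-01 10:00:01 INFO ZKConfig - zookeeper.ssl.keyStore.location=/etc/zk/client.jks
2026-03-01 10:00:01 INFO ZKConfig - zookeeper.ssl.keyStore.password=constructed-ks-secret
2026-03-01 10:00:01 INFO ZKConfig - zookeeper.ssl.trustStore.password=constructed-ts-secret
2026-03-01 10:00:02 DEBUG ClientCnxn - sessionTimeout=30000
2026-03-01 10:00:03 INFO ClientCnxn - Session establishment complete
""".splitlines()

LEVEL = re.compile(r"\bINFO\b")
PAIR = re.compile(r"([\w.\-]+)\s*=\s*(\S+)")
# Heuristic for secret-bearing key names (an assumption; extend for local naming).
SECRET_KEY = re.compile(r"passw(or)?d|secret|token|credential", re.I)

def audit(lines):
    """Return (findings, redacted); findings hold (line_no, key), never the value."""
    findings, redacted = [], []
    for no, line in enumerate(lines, 1):
        if LEVEL.search(line):
            def mask(m, no=no):
                if SECRET_KEY.search(m.group(1)):
                    findings.append((no, m.group(1)))
                    return f"{m.group(1)}=[REDACTED]"
                return m.group(0)
            line = PAIR.sub(mask, line)
        redacted.append(line)
    return findings, redacted

def keys_to_rotate(findings):
    """Distinct secret-bearing keys seen in the log: the credentials to rotate."""
    return sorted({key for _, key in findings})

if __name__ == "__main__":
    found, clean = audit(SAMPLE_LOG)
    for no, key in found:
        print(f"line {no}: {key} was logged at INFO")
    print("rotate:", ", ".join(keys_to_rotate(found)))
```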