RHSA-2026:4285 - Security Advisory

Topic

Red Hat build of Debezium connectors in version 3.2.7 are now available for Red Hat Application Foundations.

Description

Debezium is a distributed platform that turns your existing databases into event streams, so applications can see and respond immediately to each row-level change in the databases.

Debezium is built on top of Apache Kafka and provides Kafka Connect compatible connectors that monitor specific database management systems. Debezium records the history of data changes in Kafka logs, from where your application consumes them. This makes it possible for your application to easily consume all of the events correctly and completely. Even if your application stops unexpectedly, it will not miss anything: when the application restarts, it will resume consuming the events where it left off.

In addition this errata fixes two security issues

mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects (CVE-2026-27727)
c3p0: Arbitrary Code Execution via deserialization of crafted objects (CVE-2026-27830)

Solution

To apply this update, follow the standard installation procedure for your platform:

• https://docs.redhat.com/en/documentation/red_hat_build_of_debezium/3.2.7/html-single/installing_debezium_on_openshift/index

https://docs.redhat.com/en/documentation/red_hat_build_of_debezium/3.2.7/html-single/installing_debezium_on_rhel/index

Affected Products

• Red Hat Integration Text-Only Advisories x86_64
• Red Hat Integration 1 x86_64

Fixes

CVEs

• CVE-2026-27727
• CVE-2026-27830

References

• https://access.redhat.com/security/updates/classification/#important