1. Apache ZooKeeper CVE-2026-24281: Hostname Verification Flaw Allows Server Impersonation via Spoofed DNS
A critical vulnerability in Apache ZooKeeper's ZKTrustManager can allow attackers to impersonate trusted servers or clients. The flaw, tracked as CVE-2026-24281, stems from a fallback mechanism in hostname verification. When validation of an IP address in a certificate's Subject Alternative Name (IP SAN) fails, the sys...