CVE-2026-35554 — Race Condition in Software Foundation Apache Kafka Clients
Severity
8.7 HIGH (NVD)
EPSS
0.0%
top 89.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Apr 7
Description
A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics.
When a produce batch expires due to delivery.timeout.ms while a network request containing that batch is still in flight, the batch’s ByteBuffer is prematurely deallocated and returned to the buffer pool. If a subsequent producer batch—potentially destined for a different topic—reuses this freed buffer before the original network request completes, …
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Exploitability: 2.2 | Impact: 5.8
Affected Packages: 1 package
Vulnerability Details (3)
CVEList: Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition (2026-04-07)
GHSA: Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition (2026-04-07)
GHSA: GHSA-5qcv-4rpc-jp93: A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics (2026-04-07)