Apache Software Foundation Apache Kafka Clients vulnerabilities
2 known vulnerabilities affecting apache_software_foundation/apache_kafka_clients.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2026-35554 | HIGH | CVSS 8.7 | CWE-362 | ≥ 2.8.0, ≤ 3.9.1; ≥ 4.0.0, ≤ 4.0.1; +1 more | 2026-04-07
A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics.
When a produce batch expires due to delivery.timeout.ms while a network request containing that batch is still in flight, the batch’s ByteBuffer is prematurely deallocated and returned to the buffer pool.
cvelistv5, nvd
CVE-2024-31141 | MEDIUM | CVSS 6.5 | CWE-269 | ≥ 2.3.0, ≤ 3.5.2; ≥ 3.6.0, ≤ 3.6.2; +1 more | 2024-11-19
Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients.
Apache Kafka Clients accept configuration data for customizing behavior, and include ConfigProvider plugins in order to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and
cvelistv5, nvd