CVE Catalog

CVE-2026-41727

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile - higher than 15% of all known CVEs

Summary

The vulnerability in Spring Kafka concerns the retry topic infrastructure, which did not sufficiently validate user-controlled header values. A producer could send a record with a crafted retry_topic-attempts header containing an out-of-range attempt count, causing the retry topic router to misidentify the message's position in the retry sequence.

Risk Assessment

The risk involves potential manipulation of retry logic, which could lead to message skipping or misrouting, potentially disrupting systems based on Spring Kafka and causing data loss or processing delays.

Recommendation

It is recommended to immediately update Spring for Apache Kafka to version 4.0.6, 3.3.16, 3.2.14, 2.9.14, or 2.8.12, depending on the branch used, and implement header validation in custom code as an additional safeguard.

Original NVD description (English source)

Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted retry_topic-attempts header to supply an out-of-range attempt count and cause the retry topic router to misidentify where the message was in the retry sequence. Affected versions: Spring for Apache Kafka 4.0.0 through 4.0.5; 3.3.0 through 3.3.15; 3.2.0 through 3.2.13; 2.9.0 through 2.9.13; 2.8.0 through 2.8.11.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS