6.5
CVE-2026-41727
- EPSS 0.24%
- Veröffentlicht 09.06.2026 23:49:10
- Zuletzt bearbeitet 27.06.2026 22:16:47
- Quelle security@vmware.com
- CVE-Watchlists
- Unerledigt
In Spring for Apache Kafka, forged retry topic headers subvert retry routing and backoff behavior
Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted retry_topic-attempts header to supply an out-of-range attempt count and cause the retry topic router to misidentify where the message was in the retry sequence. Affected versions: Spring for Apache Kafka 4.0.0 through 4.0.5; 3.3.0 through 3.3.15; 3.2.0 through 3.2.13; 2.9.0 through 2.9.13; 2.8.0 through 2.8.11.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMware ≫ Spring For Apache Kafka Version >= 2.8.0 <= 2.8.11
VMware ≫ Spring For Apache Kafka Version >= 2.9.0 <= 2.9.13
VMware ≫ Spring For Apache Kafka Version >= 3.2.0 <= 3.2.13
VMware ≫ Spring For Apache Kafka Version >= 3.3.0 <= 3.3.15
VMware ≫ Spring For Apache Kafka Version >= 4.0.0 <= 4.0.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.149 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@vmware.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://spring.io/security/cve-2026-41727