org.springframework.kafka:spring-kafka (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.springframework.kafka:spring-kafka, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2026-41731 — CVSS 8.1 (high): JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefix check…
CVE-2026-41726 — CVSS 6.5 (medium): When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique…
CVE-2023-34040 — CVSS 5.3 (medium): In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if…