Vmware Spring For Apache Kafka — known CVE vulnerabilities
Every CVE whose affected-product data names Vmware Spring For Apache Kafka, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2026-41731 — CVSS 8.1 (high): JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefix check…
CVE-2026-41727 — CVSS 6.5 (medium): Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer…
CVE-2023-34040 — CVSS 5.3 (medium): In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if…