
26 matches found

CVE
added last week, 9 views

CVE-2026-10142

CVE-2026-10142 affects kafka-python prior to 2.3.2. The vulnerability resides in the protocol parser, where an attacker can send a crafted 4-byte frame length via receive_bytes() without bounds validation. This can cause a multi-gigabyte memory allocation or an uncaught ValueError, leaving the co...

8.7 CVSS, 5.5 AI score, 0.00352 EPSS
Exploits: 0, References: 4, Affected Software: 1
Debian CVE
added last week, 5 views

CVE-2026-10142

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a...

8.7 CVSS, 5.3 AI score, 0.00352 EPSS
Exploits: 0
Positive Technologies
added 2026/06/10 12:0 a.m., 7 views

PT-2026-48530

Name of the Vulnerable Software and Affected Versions: kafka-python versions prior to 2.3.2. Description: A denial-of-service issue exists in the protocol parser. A malicious broker or machine-in-the-middle attacker can exhaust memory or hang connections by sending a crafted 4-byte frame length valu...

8.7 CVSS, 5.5 AI score, 0.00352 EPSS
Exploits: 0, References: 6
Positive Technologies
added 2026/06/10 12:0 a.m., 7 views

PT-2026-48531

Name of the Vulnerable Software and Affected Versions: kafka-python versions prior to 2.3.2. Description: A denial-of-service issue exists in the SCRAM authentication handling. A malicious or machine-in-the-middle broker can freeze the client event loop by providing an excessively large iteration...

8.7 CVSS, 5.5 AI score, 0.00393 EPSS
Exploits: 0, References: 6
CNNVD
added 2026/06/10 12:0 a.m., 4 views

kafka-python security vulnerability

Kafka-Python is a distributed stream processing engine client library written entirely in Python by Dana Powers. Versions of Kafka-Python prior to 2.3.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of boundary validation for the 4-byte frame length value in the...

8.7 CVSS, 5.3 AI score, 0.00352 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/06/10 12:0 a.m., 4 views

kafka-python resource management error vulnerability

Kafka-Python is a distributed stream processing engine client library written entirely in Python by Dana Powers. Versions of Kafka-Python prior to 2.3.2 contained a resource management vulnerability. This vulnerability stemmed from the lack of verification of the iteration count during SCRAM...

8.7 CVSS, 5.3 AI score, 0.00393 EPSS
Exploits: 0, References: 2