Dpkp Kafka Python
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Dpkp Kafka Python.
By the Year
In 2026 there have been 2 vulnerabilities in Dpkp Kafka Python with an average score of 7.5 out of ten.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 7.50 |
It may take a day or so for new Kafka Python vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Dpkp Kafka Python Security Vulnerabilities
Kafka-Python 2.3.2 Denial-of-Service via SCRAM Iteration Count
CVE-2026-10143
7.5 - High
- June 10, 2026
kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.process_server_first_message() passes the broker-controlled SCRAM iteration count directly to hashlib.pbkdf2_hmac() without validation, blocking producer sends, consumer polls, admin operations, and heartbeats, which can cause consumer group eviction and repeated reconnect failures.
Resource Exhaustion
kafkapython <2.3.2: DDoS via protocol parser injection (protocol parser)
CVE-2026-10142
7.5 - High
- June 10, 2026
kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a specially crafted frame length through the receive_bytes() function to trigger either a multi-gigabyte memory allocation or an uncaught ValueError that leaves the connection in a broken state, causing requests to hang and consumers to stop heartbeating until restart.
Stack Exhaustion
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Dpkp Kafka Python or by Dpkp? Click the Watch button to subscribe.