Kafka Python Dpkp Kafka Python

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Dpkp Kafka Python.

By the Year

In 2026 there have been 2 vulnerabilities in Dpkp Kafka Python with an average score of 7.5 out of ten.

Year Vulnerabilities Average Score
2026 2 7.50

It may take a day or so for new Kafka Python vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Dpkp Kafka Python Security Vulnerabilities

Kafka-Python 2.3.2 Denial-of-Service via SCRAM Iteration Count
CVE-2026-10143 7.5 - High - June 10, 2026

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.process_server_first_message() passes the broker-controlled SCRAM iteration count directly to hashlib.pbkdf2_hmac() without validation, blocking producer sends, consumer polls, admin operations, and heartbeats, which can cause consumer group eviction and repeated reconnect failures.

Resource Exhaustion

kafkapython <2.3.2: DDoS via protocol parser injection (protocol parser)
CVE-2026-10142 7.5 - High - June 10, 2026

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a specially crafted frame length through the receive_bytes() function to trigger either a multi-gigabyte memory allocation or an uncaught ValueError that leaves the connection in a broken state, causing requests to hang and consumers to stop heartbeating until restart.

Stack Exhaustion

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Dpkp Kafka Python or by Dpkp? Click the Watch button to subscribe.

Dpkp
Vendor

subscribe