Spring Kafka 2.8-4.0.5 retry_topic header validation flaw
CVE-2026-41727 Published on June 9, 2026
In Spring for Apache Kafka, forged retry topic headers subvert retry routing and backoff behavior
Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted retry_topic-attempts header to supply an out-of-range attempt count and cause the retry topic router to misidentify where the message was in the retry sequence.
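One defensive pattern for the weakness described above, written here as an added example rather than Spring Kafka's own code or its actual fix: a `RecordInterceptor` that checks the `retry_topic-attempts` header before the retry topic machinery can act on it. It assumes the header value is a 1-byte or 4-byte big-endian integer (the two encodings the retry feature has used) and that `maxAttempts` matches the listener's configured attempt count; both are assumptions, and the real remediation is upgrading to 4.0.6, 3.3.16, 3.2.14, 2.9.14 or 2.8.12.

```java
import java.nio.ByteBuffer;

import org.apache.kafka.clients.consumer.Consumer;
import org.apache.kafka.clients.consumer.ConsumerRecord;
import org.apache.kafka.common.header.Header;
import org.springframework.kafka.listener.RecordInterceptor;
import org.springframework.kafka.retrytopic.RetryTopicHeaders;

/**
 * Example interceptor (not part of Spring Kafka): rejects records whose
 * retry_topic-attempts header is malformed or outside [1, maxAttempts],
 * so the retry topic router never reads an out-of-range attempt count.
 */
public class RetryAttemptsHeaderValidator<K, V> implements RecordInterceptor<K, V> {

    // Assumption: equals the attempts value configured on the @RetryableTopic listener.
    private final int maxAttempts;

    public RetryAttemptsHeaderValidator(int maxAttempts) {
        this.maxAttempts = maxAttempts;
    }

    @Override
    public ConsumerRecord<K, V> intercept(ConsumerRecord<K, V> record, Consumer<K, V> consumer) {
        Header header = record.headers().lastHeader(RetryTopicHeaders.DEFAULT_HEADER_ATTEMPTS);
        if (header == null) {
            return record; // first delivery: the retry feature has not stamped the record yet
        }
        Integer attempts = parseAttempts(header.value());
        if (attempts == null || attempts < 1 || attempts > maxAttempts) {
            // Malformed or forged: returning null makes the container skip the
            // record, so neither the listener nor the retry router acts on it.
            // Log the topic/partition/offset here with your application's logger.
            return null;
        }
        return record;
    }

    /**
     * Assumption: the header is either a single byte or a 4-byte big-endian int.
     * Any other length is treated as invalid rather than guessed at.
     */
    static Integer parseAttempts(byte[] value) {
        if (value == null) {
            return null;
        }
        if (value.length == 1) {
            return (int) value[0];
        }
        if (value.length == Integer.BYTES) {
            return ByteBuffer.wrap(value).getInt();
        }
        return null;
    }
}
```

Register it on the listener container factory with `factory.setRecordInterceptor(new RetryAttemptsHeaderValidator<>(maxAttempts))`. The check is deliberately strict: a value that does not parse is rejected instead of defaulting to zero, because a silent default is exactly the kind of lenient handling the advisory's weakness type describes.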
Affected versions:
Spring for Apache Kafka 4.0.0 through 4.0.5; 3.3.0 through 3.3.15; 3.2.0 through 3.2.13; 2.9.0 through 2.9.13; 2.8.0 through 2.8.11.
Vulnerability Analysis
CVE-2026-41727 can be exploited with network access and requires only a low level of user privileges. This vulnerability is considered to have a low attack complexity. A successful exploit is considered to have no impact on confidentiality or integrity, and a high impact on availability.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Affected Versions
Spring for Apache Kafka:
- Versions from 4.0.0 up to, but not including, 4.0.6 are affected.
- Versions from 3.3.0 up to, but not including, 3.3.16 are affected.
- Versions from 3.2.0 up to, but not including, 3.2.14 are affected.
- Versions from 2.9.0 up to, but not including, 2.9.14 are affected.
- Versions from 2.8.0 up to, but not including, 2.8.12 are affected.