CVE-2026-41727
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk15th percentile - higher than 15% of all known CVEs
Summary
The vulnerability in Spring Kafka concerns the retry topic infrastructure, which did not sufficiently validate user-controlled header values. A producer could send a record with a crafted retry_topic-attempts header containing an out-of-range attempt count, causing the retry topic router to misidentify the message's position in the retry sequence.
Risk Assessment
The risk involves potential manipulation of retry logic, which could lead to message skipping or misrouting, potentially disrupting systems based on Spring Kafka and causing data loss or processing delays.
Recommendation
It is recommended to immediately update Spring for Apache Kafka to version 4.0.6, 3.3.16, 3.2.14, 2.9.14, or 2.8.12, depending on the branch used, and implement header validation in custom code as an additional safeguard.
Original NVD description (English source)
Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted retry_topic-attempts header to supply an out-of-range attempt count and cause the retry topic router to misidentify where the message was in the retry sequence. Affected versions: Spring for Apache Kafka 4.0.0 through 4.0.5; 3.3.0 through 3.3.15; 3.2.0 through 3.2.13; 2.9.0 through 2.9.13; 2.8.0 through 2.8.11.

