Use After Free in Apache Software Foundation Kafka Clients

CVE-2026-35554

A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeout.ms while a network request containing…

Vulnerability class: Use-After-Free

EPSS: 0.000 (7.5th percentile)

Affected products

Weakness classification (CWE)

References