What is CVE-2026-41726?

CVE-2026-41726 is a medium-severity vulnerability, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 6.5/10. Published 2026-06-10.

How severe is CVE-2026-41726?

Medium severity. CVSS v3 base score is 6.5 out of 10.

CVE-2026-41726

CVE-2026-41726

When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemo…

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Weakness classification (CWE)

CWE-770 — Allocation of Resources Without Limits or Throttling

References

security@vmware.com

Frequently asked questions

What is CVE-2026-41726?: CVE-2026-41726 is a medium-severity vulnerability, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 6.5/10. Published 2026-06-10.
How severe is CVE-2026-41726?: Medium severity. CVSS v3 base score is 6.5 out of 10.