CVE-2026-10142 - kafka-python frame length parser DoS
kafka-python before 2.3.2 trusts a broker-supplied 4-byte frame length in
the network receive path. A malicious broker or machine-in-the-middle can send
an oversized or malformed length that drives huge memory allocation attempts or
leaves the connection in a broken state, hanging requests and stopping consumer
heartbeats until restart.
This is primarily a broker-boundary bug. The highest-risk deployments are clients that talk to shared, third-party, or insufficiently authenticated Kafka brokers, or that do not use transport protections strong enough to prevent broker impersonation.
When to use it
- A Python service, notebook, worker, or image resolves
kafka-python <2.3.2. - Kafka clients connect to shared, third-party, test, or weakly authenticated brokers.
- Consumers, producers, or admin jobs can hang long enough to affect heartbeats, backlogs, tenant workflows, or incident response automation.
- You need one bounded PR or triage note that upgrades the package and records broker-boundary risk.
Inputs
- Dependency manifests, lockfiles, container build files, SBOMs, notebooks, and generated dependency reports.
- Resolved
kafka-pythonversions for every deployable target. - Kafka client configuration, broker allow-lists, TLS/SASL settings, and connection lifecycle ownership.
- Available unit tests, parser/wrapper tests, container build, dependency scan, and SBOM refresh commands.
Affected versions
- Vulnerable package:
kafka-python <2.3.2 - Fixed package:
kafka-python 2.3.2+ - Affected path: broker response parsing through
receive_bytes() - Impact: memory exhaustion, stuck clients, hung producer/admin requests, and consumer group instability
Source-freshness note: GitHub Advisory Database currently publishes this as an
unreviewed advisory with no package metadata and unknown affected/patched
version fields, even though the description, NVD entry, and upstream fix point
to kafka-python prior to 2.3.2. Do not rely on Dependabot alone to find
exposure; inventory manifests, lockfiles, images, and notebooks directly.
Indicator-of-exposure
- The repository depends on
kafka-python <2.3.2in application code, worker images, notebooks, scripts, CI tooling, or internal libraries. - The deployment talks to Kafka brokers outside a strictly trusted and mutually authenticated network boundary.
- The runtime uses long-lived consumers, producers, or admin clients where a stuck socket can cause consumer eviction, replay, or job backlog growth.
- Client health checks do not quickly recycle wedged Kafka connections.
Quick checks:
rg -n "kafka-python|from kafka|import kafka|KafkaConsumer|KafkaProducer|KafkaAdminClient|SASL|SCRAM|bootstrap_servers" .
python -m pip show kafka-python
python -m pip freeze | rg '^kafka-python=='
Windows:
rg -n "kafka-python|from kafka|import kafka|KafkaConsumer|KafkaProducer|KafkaAdminClient|SASL|SCRAM|bootstrap_servers" .
python -m pip show kafka-python
python -m pip freeze | rg '^kafka-python=='
Do not connect to untrusted brokers or replay malformed Kafka frames just to prove exposure.
Remediation strategy
- Upgrade every controlled
kafka-pythondependency, lockfile, image, wheel cache, SBOM, and generated dependency report to2.3.2+, preferably the latest available release. - If
kafka-pythonis present, remediate CVE-2026-10143 in the same change set unless there is a documented reason to split the PR; both advisories use the same fixed release. - Where the repository owns wrappers or forks, enforce sane maximum frame lengths and fail closed on invalid lengths before attempting allocation.
- Require TLS plus broker authentication strong enough to prevent rogue broker impersonation or on-path manipulation.
- Add connection-health handling so consumers and producers fail fast and restart cleanly instead of hanging indefinitely after parser errors.
- If immediate upgrade is blocked, reduce exposure by restricting outbound broker access to known hosts, tightening network ACLs, and disabling third-party or test brokers in shared environments.
The prompt
Model context: this prompt was generated by GPT 5.5 Extra High reasoning.
You are remediating CVE-2026-10142 / GHSA-m3px-q5gj-j9x7, where `kafka-python`
before 2.3.2 trusts a broker-supplied frame length and can exhaust memory or
hang client connections. Produce exactly one output:
- A reviewer-ready PR/change request that upgrades or patches the affected
Kafka Python client, hardens broker trust boundaries, adds safe regression
checks, refreshes generated artifacts, and documents operator cleanup, or
- TRIAGE.md if this repository does not control an affected `kafka-python`
dependency, wrapper, image, deployment, or containment path.
## Rules
- Scope only CVE-2026-10142 / GHSA-m3px-q5gj-j9x7 and directly related Kafka
frame-length parsing, broker-authentication, and fail-fast connection logic.
- Treat broker credentials, SASL secrets, TLS keys, message payloads, topic
names, tenant identifiers, and customer data as sensitive.
- Do not connect to untrusted brokers, capture production traffic, or ship a
malformed-frame proof of concept.
- Do not weaken Kafka authentication or transport security to simplify testing.
- Do not auto-merge.
## Steps
1. Inventory every controlled `kafka-python` reference in source, requirements
files, lockfiles, vendored code, Dockerfiles, build images, notebooks,
scripts, CI jobs, and SBOMs.
2. Determine the resolved `kafka-python` version for every deployable target. A
target is vulnerable if it resolves to `<2.3.2`.
3. Determine how each target reaches Kafka: broker host allow-lists, TLS,
certificate validation, SASL, mTLS, VPN/private network assumptions, and
whether brokers are fully trusted or shared.
4. Identify ownership of connection lifecycle behavior: retries, restarts,
watchdogs, worker recycling, and consumer lag alarms.
5. If this repository does not control an affected dependency or runtime, stop
with `TRIAGE.md` listing checked files, observed version if known, runtime
owner, and required fixed version `2.3.2+`.
6. Upgrade all controlled `kafka-python` references to `2.3.2+`. Refresh
lockfiles, constraints, image layers, SBOMs, and generated dependency
reports.
7. For owned forks or wrappers, ensure malformed or oversized broker frame
lengths are rejected before memory allocation and that parser failures close
and recycle the connection cleanly.
8. Harden containment where this repo owns it:
- allow outbound Kafka only to approved brokers;
- require TLS and broker identity validation;
- keep test or third-party brokers separate from production credentials;
- add watchdogs or restarts for wedged Kafka workers if missing.
9. Add safe regression checks:
- dependency resolution rejects `kafka-python <2.3.2`;
- parser/unit tests cover invalid or oversized frame lengths without using a
live broker;
- client failures surface as controlled exceptions or reconnects instead of
indefinite hangs;
- logs and metrics expose no secrets or message contents.
10. Add a PR body section named `CVE-2026-10142 operator actions` that states:
- `kafka-python` versions before and after;
- which applications or workers used the package;
- whether any brokers were outside a strongly trusted boundary;
- whether worker restarts, credential review, or broker-access tightening
are required;
- whether CVE-2026-10143 was remediated in the same PR or tracked
separately;
- which validation commands passed.
11. Run available validation: dependency install, lockfile integrity, unit
tests, Kafka client tests, container build, SBOM refresh, and security
scans.
12. Use PR title:
`fix(sec): remediate CVE-2026-10142 in kafka-python`.
## Stop conditions
- No affected `kafka-python` package, fork, wrapper, image, or deployment is
controlled by this repository.
- The only affected runtime is owned by another team or vendor.
- A fixed version cannot be consumed and the repository cannot safely carry a
reviewed parser-boundary patch or network containment.
- Verification would require production traffic capture, connecting to
untrusted brokers, or exposing broker credentials or customer messages.
- Validation fails for unrelated pre-existing reasons; document those failures
instead of broadening scope.
Verification - what the reviewer looks for
- No controlled dependency source still resolves
kafka-python <2.3.2. - Parser or wrapper code fails closed on malformed/oversized frame lengths.
- Client restarts or reconnect behavior is explicit instead of leaving stuck workers silent.
- Broker trust boundary controls are documented where the repository owns them.
- Validation covers the parser path without connecting to untrusted brokers.
Output contract
- Reviewer-ready PR upgrading all controlled
kafka-pythonreferences to2.3.2+, refreshing generated artifacts, and documenting affected runtimes. - Safe regression coverage for dependency resolution and parser or wrapper frame-length rejection where this repository owns that code.
- Operator notes for broker trust boundaries, worker restarts, and whether CVE-2026-10143 was fixed in the same change.
TRIAGE.mdwhen the repository does not control the vulnerable dependency, runtime, broker boundary, or safe verification path.
Watch for
- Updating a requirements file while container images, notebooks, or worker layers still resolve the older wheel.
- Treating a private network as enough while broker identity is not actually authenticated.
- Fixes that catch the exception but leave the connection half-open and the consumer stuck.
- Addressing this CVE while leaving the adjacent SCRAM iteration-count issue (CVE-2026-10143) unresolved in the same package.
Related recipes
- CVE-2026-10143 kafka-python SCRAM iteration DoS
- Vulnerable dependency remediation
- CVE intelligence intake gate
References
- GitHub Advisory Database: https://github.com/advisories/GHSA-m3px-q5gj-j9x7
- NVD CVE: https://nvd.nist.gov/vuln/detail/CVE-2026-10142
- kafka-python issue tracker: https://github.com/dpkp/kafka-python/issues/3019
- kafka-python fix discussion: https://github.com/dpkp/kafka-python/pull/3026
- kafka-python fix commit: https://github.com/dpkp/kafka-python/commit/6e48314