PatchSiren

Dana Powers CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Dana Powers CVE published 2026-06-10

CVE-2026-10143

CVE-2026-10143 is a high-severity denial-of-service vulnerability in kafka-python prior to version 2.3.2. The vulnerability exists in the SCRAM authentication handling, where a malicious broker or a machine-in-the-middle attacker can supply an excessively large iteration count and freeze the client event loop. This is caused by the ScramClient.process_server_first_message() function passing the broker-controlled SCRAM iterat [truncated]

HIGH Dana Powers CVE published 2026-06-10

CVE-2026-10142

CVE-2026-10142 is a high-severity denial-of-service vulnerability in kafka-python prior to version 2.3.2. The vulnerability allows a malicious broker or a machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value that the client accepts without bounds validation. Attackers can send a specially crafted frame length through the receive_bytes() function to trigger either a mul [truncated]