CVE-2026-35554 on Tika 2.9.5

Saravanan Balakrishnan Tue, 07 Apr 2026 21:31:37 -0700

Hi Tika Team,

Please provide our input on CVE CVE-2026-35554 which is "Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition"

On my analysis inTika2.9.5 jar file:

$ grep "kafka-clients" * -i -R

META-INF/maven/org.apache.logging.log4j/log4j-core/pom.xml: kafka.clients;substitute="kafka-clients";transitive=false;static=true,

META-INF/maven/org.apache.logging.log4j/log4j-core/pom.xml: <artifactId>kafka-clients</artifactId>

I could see only used in log4j core usage, and I don't see the version of kafka-clients been build or incorporated in META-INF files or in any pom files. Kindly provide your input on this vulnerability affects the Tika 2.9.5 stream.

Thanks in advance.

Regards,

Saravanan B

CVE-2026-35554 on Tika 2.9.5

Reply via email to