diff --git a/LICENSE-binary b/LICENSE-binary
index f2387a5cc530..3e2ba5a7f157 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -206,7 +206,7 @@ This project bundles some components that are also licensed under the Apache
 License Version 2.0:
 
 audience-annotations-0.12.0
-caffeine-2.9.3
+caffeine-3.1.1
 commons-beanutils-1.9.4
 commons-cli-1.4
 commons-collections-3.2.2
diff --git a/core/src/test/scala/unit/kafka/log/remote/RemoteIndexCacheTest.scala b/core/src/test/scala/unit/kafka/log/remote/RemoteIndexCacheTest.scala
index 6ebcbeb4fcd2..4d55c30b3977 100644
--- a/core/src/test/scala/unit/kafka/log/remote/RemoteIndexCacheTest.scala
+++ b/core/src/test/scala/unit/kafka/log/remote/RemoteIndexCacheTest.scala
@@ -377,7 +377,7 @@ class RemoteIndexCacheTest {
     // Simulate a concurrency situation where one thread is reading the entry already present in the cache (cache hit)
     // and the other thread is reading an entry which is not available in the cache (cache miss). The expected behaviour
     // is for the former thread to succeed while latter is fetching from rsm.
-    // In this this test we simulate the situation using latches. We perform the following operations:
+    // In this test we simulate the situation using latches. We perform the following operations:
     // 1. Start the CacheMiss thread and wait until it starts executing the rsm.fetchIndex
     // 2. Block the CacheMiss thread inside the call to rsm.fetchIndex.
     // 3. Start the CacheHit thread. Assert that it performs a successful read.
@@ -624,7 +624,7 @@ class RemoteIndexCacheTest {
     assertCacheSize(2)
     verifyEntryIsEvicted(metadataList(0), entry0)
 
-    // Reduce cache capacity to only store 1 entries
+    // Reduce cache capacity to only store 1 entry
     cache.resizeCacheSize(1 * estimateEntryBytesSize)
     assertCacheSize(1)
     verifyEntryIsEvicted(metadataList(1), entry1)
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index cde22a4050bf..5048bcd3a136 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -54,7 +54,10 @@ versions += [
   apacheds: "2.0.0-M24",
   argparse4j: "0.7.0",
   bcpkix: "1.78.1",
-  caffeine: "2.9.3", // 3.x supports JDK 11 and above
+  // Version >=3.1.2 includes an improvement to prevent hash DOS attacks, 
+  // but currently, tests are failing in >=3.1.2. Therefore, we are temporarily using version 3.1.1. 
+  // The failing tests should be fixed under KAFKA-18089, allowing us to upgrade to >=3.1.2.
+  caffeine: "3.1.1",
   // when updating checkstyle, check whether the exclusion of
   // CVE-2023-2976 and CVE-2020-8908 can be dropped from
   // gradle/resources/dependencycheck-suppressions.xml