CVE-2026-5562: Code Injection in provectus kafka-ui
A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation leads to code injection. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
The vulnerability in provectus kafka-ui (versions 0.7.0 to 0.7.2) resides in the validateAccess function of the /api/smartfilters/testexecutions endpoint. This flaw allows remote attackers to perform code injection by manipulating input to this function. The vulnerability is remotely exploitable without authentication or user interaction, with low complexity and low impact on confidentiality, integrity, and availability. Despite public disclosure and availability of exploit code, the vendor has not provided a patch or remediation guidance.
Potential Impact
Successful exploitation could allow an attacker to execute arbitrary code remotely on the affected system running provectus kafka-ui up to version 0.7.2. This could lead to unauthorized actions depending on the privileges of the application process. The CVSS score of 6.9 indicates a medium severity impact with partial impact on confidentiality, integrity, and availability. No known exploits in the wild have been reported so far.
Mitigation Recommendations
No official patch or remediation is currently available from the vendor, and the vendor has not responded to disclosure attempts. Users should consider mitigating exposure by restricting access to the vulnerable endpoint, applying network-level controls to limit remote access, or discontinuing use of affected versions until a fix is released. Monitor vendor channels for any future updates or patches.
CVE-2026-5562: Code Injection in provectus kafka-ui
Description
A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation leads to code injection. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in provectus kafka-ui (versions 0.7.0 to 0.7.2) resides in the validateAccess function of the /api/smartfilters/testexecutions endpoint. This flaw allows remote attackers to perform code injection by manipulating input to this function. The vulnerability is remotely exploitable without authentication or user interaction, with low complexity and low impact on confidentiality, integrity, and availability. Despite public disclosure and availability of exploit code, the vendor has not provided a patch or remediation guidance.
Potential Impact
Successful exploitation could allow an attacker to execute arbitrary code remotely on the affected system running provectus kafka-ui up to version 0.7.2. This could lead to unauthorized actions depending on the privileges of the application process. The CVSS score of 6.9 indicates a medium severity impact with partial impact on confidentiality, integrity, and availability. No known exploits in the wild have been reported so far.
Mitigation Recommendations
No official patch or remediation is currently available from the vendor, and the vendor has not responded to disclosure attempts. Users should consider mitigating exposure by restricting access to the vulnerable endpoint, applying network-level controls to limit remote access, or discontinuing use of affected versions until a fix is released. Monitor vendor channels for any future updates or patches.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-04-04T14:04:02.364Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d244520a160ebd92ccff0a
Added to database: 4/5/2026, 11:15:30 AM
Last enriched: 4/5/2026, 11:30:25 AM
Last updated: 4/8/2026, 10:32:00 PM
Views: 36
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.