Kafka UI 0.7.1 Command Injection

An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/topic/messages. id: CVE-2023-52251 info: name: Kafka UI 0.7.1 Command Injection author: yhy0,iamnoooob severity: high description: | An...

CVE-2026-5562

A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation leads to code injection. The attack can be initiated remotely. The exploit is publicly available and...

EUVD-2026-19071

A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation leads to code injection. The attack can be initiated remotely. The exploit is publicly available and...

CVE-2026-5562

A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation leads to code injection. The attack can be initiated remotely. The exploit is publicly available and...

CVE-2026-5562 provectus kafka-ui Endpoint testexecutions validateAccess code injection

A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation leads to code injection. The attack can be initiated remotely. The exploit is publicly available and...

CVE-2026-5562 provectus kafka-ui Endpoint testexecutions validateAccess code injection

A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation leads to code injection. The attack can be initiated remotely. The exploit is publicly available and...

kafka-ui 代码注入漏洞

kafka-ui is a web management interface for Kafka developed by Provectus. Versions of kafka-ui prior to 0.7.2 contained a code injection vulnerability. This vulnerability stemmed from the validateAccess function in the endpoint/api/smartfilters/testexecutions...

PT-2026-30432

Name of the Vulnerable Software and Affected Versions provectus kafka-ui versions up to 0.7.2 Description A code injection issue exists in the validateAccess function within the Endpoint component, specifically in the file /api/smartfilters/testexecutions. This can be triggered remotely. The...

CVE-2025-60537

Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplying crafted data...

CVE-2025-60536

An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service DoS via uploading a crafted configuration file...

EUVD-2025-34447

Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplying crafted data...

CVE-2025-60537

Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplying crafted data...

CVE-2025-60536

An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service DoS via uploading a crafted configuration file...

CVE-2025-60536

An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service DoS via uploading a crafted configuration file...

CVE-2025-60537

Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplying crafted data...

CVE-2025-60536

An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service DoS via uploading a crafted configuration file...

PT-2025-42164

An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service DoS via uploading a crafted configuration file...

CVE-2025-60537

CVE-2025-60537 affects Kafka UI, specifically the component "/kafka/ui/serdes/CustomSerdeLoader.java" in versions v0.6.0 to v0.7.2. The root cause is improper input validation in this loader, allowing attackers to execute arbitrary code when supplied with crafted data. The statements in connected...

CVE-2025-60536

An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service DoS via uploading a crafted configuration file...

CVE-2024-32030

Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka UI API allows users to connect to different Kafka brokers by specifying their network address and port. As a separate feature, it also provides the ability to monitor the performance of Kafka brokers by connecting to their JMX...