
5 matches found

RedhatCVE
added 2 days ago, 6 views

CVE-2026-55226

When deploying only the Topic Operator or only the User Operator via the Kafka custom resource, the Entity Operator's ServiceAccount retains RBAC rights for both operators rather than scoping permissions to the one actually deployed. This allows the ServiceAccount to access KafkaUser custom...

CVSS 5.4, AI score 5.2
Exploits: 0, References: 3
CVE
added 2025/10/14 12:0 a.m., 13 views

CVE-2025-60536

The CVE-2025-60536 entry affects kafka-ui, specifically the Configure New Cluster interface in versions v0.6.0 through v0.7.2. The issue allows an attacker to trigger a Denial of Service by uploading a crafted configuration file. The available connected documents confirm the affected product/vers...

CVSS 7.5, AI score 6.4, EPSS 0.00594
Exploits: 0, References: 3
Cvelist
added 2025/10/14 12:0 a.m., 10 views

CVE-2025-60537

Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplying crafted data...

EPSS 0.00356
Exploits: 0, References: 3
Positive Technologies
added 2025/10/14 12:0 a.m., 3 views

PT-2025-42165

Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplying crafted data...

CVSS 6.5, AI score 7.8, EPSS 0.00356
Exploits: 0, References: 4
CNNVD
added 2025/10/14 12:0 a.m., 3 views

UI for Apache Kafka security vulnerability

UI for Apache Kafka is an open source front-end interface for Kafka by Provectus. A security vulnerability exists in UI for Apache Kafka versions v0.6.0 through v0.7.2, which stems from improper validation of inputs to the component /kafka/ui/serdes/CustomSerdeLoader.java, which could lead to the...

CVSS 6.5, AI score 7, EPSS 0.00356
Exploits: 0, References: 4