2 matches found
CVE-2023-52251
Kafka UI (Provectus Kafka‑UI) 0.4.0–0.7.1 is exploitable via the q parameter in /api/clusters/local/topics/{topic}/messages, allowing remote code execution through a Groovy script injection in the filterQueryType path. Impact is high (RCE). Remediation available: upgrade to Kafka UI 0.7.2 or late...
CVE-2026-5562
Provectus Kafka-UI