CVE-2026-5562

Source
https://cve.org/CVERecord?id=CVE-2026-5562
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5562.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-5562
Published
2026-04-05T11:00:17.843Z
Modified
2026-07-08T08:14:01.091640238Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
provectus kafka-ui Endpoint testexecutions validateAccess code injection
Details

A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation leads to code injection. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "0.7.0"
                },
                {
                    "last_affected": "0.7.0"
                },
                {
                    "introduced": "0.7.1"
                },
                {
                    "last_affected": "0.7.1"
                },
                {
                    "introduced": "0.7.2"
                },
                {
                    "last_affected": "0.7.2"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5562.json",
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-74",
        "CWE-94"
    ]
}
References

Affected packages

Git / github.com/provectus/kafka-ui

Affected ranges

Type
GIT
Repo
https://github.com/provectus/kafka-ui
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:provectus:ui:*:*:*:*:*:kafka:*:*",
    "extracted_events": [
        {
            "introduced": "0.7.0"
        },
        {
            "last_affected": "0.7.2"
        }
    ]
}

Affected versions

charts/kafka-ui-0.*
charts/kafka-ui-0.7.0
charts/kafka-ui-0.7.1
v0.*
v0.7.0
v0.7.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5562.json"