VYPR

Kafka UI

by Kafbat

CVEs (5)

  • CVE-2024-32030 | High | Jun 19, 2024
    risk 0.52 | cvss 8.1 | epss 0.34

    Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka UI API allows users to connect to different Kafka brokers by specifying their network address and port. As a separate feature, it also provides the ability to monitor the performance of Kafka brokers by…

  • CVE-2025-49127 | High | Jun 6, 2025
    risk 0.51 | cvss | epss 0.00

    Kafbat UI is a web user interface for managing Apache Kafka clusters. An unsafe deserialization vulnerability in version 1.0.0 allows any unauthenticated user to execute arbitrary code on the server. Version 1.1.0 fixes the issue.

  • CVE-2025-60536 | High | Oct 14, 2025
    risk 0.49 | cvss 7.5 | epss 0.01

    An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service (DoS) via uploading a crafted configuration file.

  • CVE-2026-5562 | High | Apr 5, 2026
    risk 0.47 | cvss 7.3 | epss 0.01

    A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation leads to code injection. The attack can be initiated remotely. The exploit is…

  • CVE-2023-52251 | Jan 25, 2024
    risk 0.11 | cvss | epss 0.85

    An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.