CVE-2026-5562

HighPublic PoC

Published: 05 April 2026

Published

05 April 2026

Modified

30 April 2026

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0008 23.2th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-5562 is a high-severity Injection (CWE-74) vulnerability in Provectus Ui. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 23.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents code injection vulnerabilities like CVE-2026-5562 by enforcing input validation and error handling at critical entry points such as the vulnerable /api/smartfilters/testexecutions endpoint.

SI-2 Flaw Remediation good match

prevent

Addresses the specific flaw in Provectus Kafka-UI up to 0.7.2 by requiring timely identification, prioritization, and correction of vulnerabilities, including code injection issues.

SC-7 Boundary Protection partial match

preventdetect

Mitigates remote code injection by monitoring and controlling communications at external interfaces, enabling blocking of malicious payloads targeting the unauthenticated endpoint.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

The vulnerability is a remote, unauthenticated code injection in a web application endpoint, directly enabling exploitation of public-facing applications for initial access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation leads to code injection. The attack can be initiated remotely. The exploit is publicly available…

and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysisAI

CVE-2026-5562 is a code injection vulnerability in Provectus Kafka-UI versions up to 0.7.2. It affects the validateAccess function in the /api/smartfilters/testexecutions endpoint, enabling remote code injection as classified under CWE-74 (Injection) and CWE-94 (Code Injection). The vulnerability carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and low complexity.

Attackers can exploit this vulnerability remotely without privileges or user interaction by manipulating the affected endpoint, resulting in code injection that compromises confidentiality, integrity, and availability to a low degree. No authentication is required, making it accessible to unauthenticated remote actors.

Disclosure references, including those from VulDB, indicate that a public exploit is available via a Google Drive link, and the vendor was contacted early but provided no response, with no patches or official mitigations documented as of publication on 2026-04-05.