Cyber Resilience

CVE-2026-5562

MediumPublic PoC

Published: 05 April 2026

Published
05 April 2026
Modified
30 April 2026
KEV Added
Patch
CVSS Score v4 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0062 45.1th percentile
Risk Priority 35 floored blend · peak EPSS

Summary

CVE-2026-5562 is a medium-severity Injection (CWE-74) vulnerability in Provectus Ui. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 45.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-5562 is a code injection vulnerability in Provectus Kafka-UI versions up to 0.7.2. It affects the validateAccess function in the /api/smartfilters/testexecutions endpoint, enabling remote code injection as classified under CWE-74 (Injection) and CWE-94 (Code Injection). The vulnerability carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and low complexity.

Attackers can exploit this vulnerability remotely without privileges or user interaction by manipulating the affected endpoint, resulting in code injection that compromises confidentiality, integrity, and availability to a low degree. No authentication is required, making it accessible to unauthenticated remote actors.

Disclosure references, including those from VulDB, indicate that a public exploit is available via a Google Drive link, and the vendor was contacted early but provided no response, with no patches or official mitigations documented as of publication on 2026-04-05.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation leads to code injection. The attack can be initiated remotely. The exploit is publicly available…

more

and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is a remote, unauthenticated code injection in a web application endpoint, directly enabling exploitation of public-facing applications for initial access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-3395Shared CWE-74, CWE-94
CVE-2026-7703Shared CWE-74, CWE-94
CVE-2025-54451Shared CWE-94
CVE-2025-50692Shared CWE-94
CVE-2025-52385Shared CWE-94
CVE-2024-40489Shared CWE-94
CVE-2025-59059Shared CWE-94
CVE-2025-54466Shared CWE-94
CVE-2026-23498Shared CWE-94
CVE-2024-11976Shared CWE-94

Affected Assets

provectus
ui
0.7.0 — 0.7.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents code injection vulnerabilities like CVE-2026-5562 by enforcing input validation and error handling at critical entry points such as the vulnerable /api/smartfilters/testexecutions endpoint.

prevent

Addresses the specific flaw in Provectus Kafka-UI up to 0.7.2 by requiring timely identification, prioritization, and correction of vulnerabilities, including code injection issues.

preventdetect

Mitigates remote code injection by monitoring and controlling communications at external interfaces, enabling blocking of malicious payloads targeting the unauthenticated endpoint.

References