Kafka-UI Denial-of-Service Vulnerability in Cluster Configuration Interface

Vulnerability

A denial-of-service vulnerability has been identified in Kafka-UI versions 0.6.0 through 0.7.2. The issue arises in the 'Configure New Cluster' interface, where an attacker can upload a crafted configuration file that disrupts the application's normal operation and crashes it.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to crash and become unresponsive.

Reproduction

To reproduce this vulnerability, navigate to the 'Configure New Cluster' interface on the Kafka-UI dashboard. Upload a malformed or invalid configuration file, such as a PDF, into the 'Schema Registry' input field. This action will trigger a crash, causing a denial-of-service condition.
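As an added mitigation illustration (not Kafka-UI's own code), the following Python shows the fail-closed validation an upload handler for cluster configuration files would apply before any parser touches the bytes, which is the failure mode the advisory describes. It assumes a JSON-formatted configuration with the required keys `name` and `bootstrapServers`, a 64 KiB size limit, and a handful of well-known binary magic numbers; all of these are assumptions, not values from the advisory.

```python
import json
from dataclasses import dataclass
from typing import Optional

MAX_UPLOAD_BYTES = 64 * 1024  # assumed limit; a deployment choice, not from the advisory

# Magic-number prefixes of file types that can never be a text configuration.
# The advisory's PDF case is the first entry.
BINARY_MAGIC = {
    b"%PDF": "pdf",
    b"\x89PNG": "png",
    b"PK\x03\x04": "zip",
    b"\x7fELF": "elf",
}

# Assumed required top-level keys for a cluster definition.
REQUIRED_KEYS = {"name", "bootstrapServers"}


@dataclass
class UploadResult:
    accepted: bool
    reason: str
    config: Optional[dict] = None


def validate_config_upload(data: bytes) -> UploadResult:
    """Validate an uploaded cluster configuration and return a structured result.

    Every rejection is returned, never raised, so a single malformed upload
    cannot take down the request handler or the whole application."""
    if len(data) == 0:
        return UploadResult(False, "rejected: empty upload")
    if len(data) > MAX_UPLOAD_BYTES:
        return UploadResult(False, f"rejected: upload exceeds {MAX_UPLOAD_BYTES} bytes")
    for magic, kind in BINARY_MAGIC.items():
        if data.startswith(magic):
            return UploadResult(False, f"rejected: binary file type {kind}")
    if b"\x00" in data:
        return UploadResult(False, "rejected: contains NUL bytes")
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return UploadResult(False, "rejected: not valid UTF-8 text")
    # JSON keeps this example dependency-free; a YAML deployment would apply the
    # same pattern with a safe loader and the same exception handling.
    try:
        parsed = json.loads(text)
    except json.JSONDecodeError as exc:
        return UploadResult(False, f"rejected: malformed configuration ({exc.msg})")
    if not isinstance(parsed, dict):
        return UploadResult(False, "rejected: top-level value must be an object")
    missing = REQUIRED_KEYS - parsed.keys()
    if missing:
        return UploadResult(False, f"rejected: missing keys {sorted(missing)}")
    return UploadResult(True, "ok", parsed)
```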

Added: Oct 14, 2025, 8:15 PM
Updated: Oct 14, 2025, 8:15 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.7
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.