Vulnerability Details CVE-2026-25999
Klaw is a self-service Apache Kafka topic management and governance portal. Prior to version 2.10.2, an improper access control vulnerability allows unauthorized users to trigger a reset or deletion of metadata for any tenant. By sending a crafted request to the /resetMemoryCache endpoint, an attacker can clear cached configurations, environments, and cluster data. This vulnerability is fixed in version 2.10.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.8%
CVSS Severity
CVSS v3 Score 7.1
Products affected by CVE-2026-25999
- cpe:2.3:a:aiven:klaw:1.0.0
- cpe:2.3:a:aiven:klaw:1.1.0
- cpe:2.3:a:aiven:klaw:1.2.0
- cpe:2.3:a:aiven:klaw:2.0.0
- cpe:2.3:a:aiven:klaw:2.1.0
- cpe:2.3:a:aiven:klaw:2.10.0
- cpe:2.3:a:aiven:klaw:2.10.1
- cpe:2.3:a:aiven:klaw:2.2.0
- cpe:2.3:a:aiven:klaw:2.3.0
- cpe:2.3:a:aiven:klaw:2.4.0
- cpe:2.3:a:aiven:klaw:2.5.0
- cpe:2.3:a:aiven:klaw:2.5.1
- cpe:2.3:a:aiven:klaw:2.5.2
- cpe:2.3:a:aiven:klaw:2.6.0
- cpe:2.3:a:aiven:klaw:2.6.1
- cpe:2.3:a:aiven:klaw:2.7.0
- cpe:2.3:a:aiven:klaw:2.8.0
- cpe:2.3:a:aiven:klaw:2.8.1
- cpe:2.3:a:aiven:klaw:2.9.0
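The following is an added example, not code from the advisory or from the Klaw project. It shows two defender-side checks an operator would want for this CVE: deciding whether a deployed Klaw version is below the fixed release 2.10.2 (comparing version components numerically, because a plain string comparison sorts 2.10.0 below 2.9.0 and would wrongly mark it as safe), and scanning HTTP access logs for requests to the /resetMemoryCache endpoint named in the description so that invocations on an unpatched instance can be audited. The log format and the sample log lines are constructed for the example; the CPE entries are the ones listed on this page.

```python
"""Added example (not from the advisory page or the Klaw project).

Two defender-side checks for CVE-2026-25999:

1. is_affected(): true when a deployed Klaw version is older than the
   fixed release 2.10.2. Versions are compared component by component as
   integers so that 2.10.0 sorts above 2.9.0.
2. find_reset_cache_requests(): pull requests to /resetMemoryCache (the
   endpoint named in the advisory) out of access-log lines so an operator
   can audit whether the endpoint was hit on an unpatched instance.

The access-log format and the sample lines are constructed for this
example; they are not Klaw's own log format.
"""
import re

FIXED_VERSION = "2.10.2"  # fixed release named in the advisory

# Affected-product CPE entries as listed on the page.
AFFECTED_CPES = [
    "cpe:2.3:a:aiven:klaw:1.0.0", "cpe:2.3:a:aiven:klaw:1.1.0",
    "cpe:2.3:a:aiven:klaw:1.2.0", "cpe:2.3:a:aiven:klaw:2.0.0",
    "cpe:2.3:a:aiven:klaw:2.1.0", "cpe:2.3:a:aiven:klaw:2.10.0",
    "cpe:2.3:a:aiven:klaw:2.10.1", "cpe:2.3:a:aiven:klaw:2.2.0",
    "cpe:2.3:a:aiven:klaw:2.3.0", "cpe:2.3:a:aiven:klaw:2.4.0",
    "cpe:2.3:a:aiven:klaw:2.5.0", "cpe:2.3:a:aiven:klaw:2.5.1",
    "cpe:2.3:a:aiven:klaw:2.5.2", "cpe:2.3:a:aiven:klaw:2.6.0",
    "cpe:2.3:a:aiven:klaw:2.6.1", "cpe:2.3:a:aiven:klaw:2.7.0",
    "cpe:2.3:a:aiven:klaw:2.8.0", "cpe:2.3:a:aiven:klaw:2.8.1",
    "cpe:2.3:a:aiven:klaw:2.9.0",
]


def parse_version(version: str) -> tuple:
    """Split '2.10.1' into (2, 10, 1) so comparisons are numeric, not lexical."""
    return tuple(int(part) for part in version.strip().split("."))


def cpe_version(cpe: str) -> str:
    """CPE 2.3 field order is cpe:2.3:part:vendor:product:version:...; return the version."""
    return cpe.split(":")[5]


def is_affected(version: str) -> bool:
    """True when the given Klaw version is older than the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)


# Constructed access-log lines (common-log-like layout). The third line
# carries a remote-user value to show that the field is surfaced as-is.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2026:10:00:01 +0000] "GET /index HTTP/1.1" 200 512
203.0.113.7 - - [01/Mar/2026:10:00:02 +0000] "POST /resetMemoryCache HTTP/1.1" 200 0
10.0.0.9 - admin [01/Mar/2026:10:00:03 +0000] "POST /resetMemoryCache HTTP/1.1" 200 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

RESET_ENDPOINT = "/resetMemoryCache"  # endpoint named in the advisory


def find_reset_cache_requests(log_text: str) -> list:
    """Return one dict per log line whose request path is the reset endpoint."""
    hits = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # skip lines that do not fit the assumed layout
        # Compare the path without any query string so '?x=y' suffixes still match.
        path = match.group("path").split("?", 1)[0]
        if path == RESET_ENDPOINT:
            hits.append({
                "ip": match.group("ip"),
                "user": match.group("user"),
                "timestamp": match.group("ts"),
                "method": match.group("method"),
                "status": int(match.group("status")),
            })
    return hits


if __name__ == "__main__":
    for cpe in AFFECTED_CPES:
        print(cpe_version(cpe), "affected" if is_affected(cpe_version(cpe)) else "fixed")
    for hit in find_reset_cache_requests(SAMPLE_LOG):
        print("reset-cache request:", hit)
```

Every version in the page's CPE list is reported as affected and 2.10.2 itself is not, which is the check to run against a deployment inventory before deciding whether to patch; the log scan is deliberately format-agnostic beyond the assumed layout, and in a real deployment the request path would be matched against whatever the reverse proxy in front of Klaw records.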