CVE-2026-25999

High CVSS: 7.1

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to 2.10.2, there is an improper access control vulnerability that allows unauthorized users to trigger a reset or deletion of metadata for any tenant. By sending a crafted request to the /resetMemoryCache endpoint, an attacker can clear cached configurations, environments, and cluster data. This vulnerability is fixed in 2.10.2.

Vendor

Aiven

Product

Klaw

CWE

CWE-285

Yayın Tarihi

2026-02-11 21:16:20

Güncelleme

2026-02-26 23:25:10

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-285 Klaw HIGH Aiven 2026

Referanslar

https://github.com/Aiven-Open/klaw/commit/617ed96b1db111ed498d89132321bf39f486e3a1 https://github.com/Aiven-Open/klaw/releases/tag/v2.10.2 https://github.com/Aiven-Open/klaw/security/advisories/GHSA-rp26-qv9w-xr5q

Benzer Kayıtlar

Medium

CVE-2026-29190

Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Tra…

High

CVE-2025-67745

MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1…

Critical

CVE-2025-55282

aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that…

Critical

CVE-2025-55283

aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that…