PT-2026-7718 · Klaw+1 · Klaw+1

Audrey Budryte · Published 2026-02-11 · Updated 2026-02-11 · CVE-2026-25999

CVSS v3.1: 7.1 High (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)

Name of the Vulnerable Software and Affected Versions

Klaw versions prior to 2.10.2

Description

Klaw, a self-service Apache Kafka Topic Management/Governance tool/portal, contains an improper access control issue. This allows unauthorized users to trigger a reset or deletion of metadata for any tenant. An attacker can send a crafted request to the /resetMemoryCache API endpoint to clear cached configurations, environments, and cluster data. The resetMemoryCache function is vulnerable to this manipulation.

Recommendations

Update to version 2.10.2 or later.

Exploit

Fix

Improper Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-25999
GHSA-RP26-QV9W-XR5Q

Affected Products

Apache Kafka
Klaw