Is Klaw affected by CVE-2026-25999?

A high-severity access control vulnerability in Klaw (CVE-2026-25999) allows unauthorized users to delete or reset metadata for any tenant without authentication. Organizations using Klaw for Kafka governance face potential data loss, service disruption, and compliance violations if exploited.

CVE-2026-25999

HIGH

2026-02-11 [email protected]

7.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

Patch Released

Feb 26, 2026 - 23:25 nvd

Patch available

CVE Published

Feb 11, 2026 - 21:16 nvd

HIGH 7.1

Description

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to 2.10.2, there is an improper access control vulnerability that allows unauthorized users to trigger a reset or deletion of metadata for any tenant. By sending a crafted request to the /resetMemoryCache endpoint, an attacker can clear cached configurations, environments, and cluster data. This vulnerability is fixed in 2.10.2.

Analysis

Klaw versions before 2.10.2 contain an improper access control flaw in the /resetMemoryCache endpoint that allows authenticated attackers to wipe cached metadata, configurations, and cluster data across any tenant without proper authorization. This vulnerability affects Apache Kafka deployments using Klaw for topic governance and could disrupt Kafka cluster management and visibility. …

Remediation

Within 24 hours: Assess current Klaw deployment scope and identify all affected instances running versions prior to 2.10.2; restrict network access to Klaw administrative interfaces to trusted IPs only. Within 7 days: Apply vendor patch to upgrade all Klaw instances to version 2.10.2 or later; conduct post-patch validation testing. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +36

POC: 0

CVE-2026-25999 vulnerability details – vuln.today

Back

CVE-2026-25999

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-25999

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code