CVE-2026-25999 – Klaw has an improper authorisation check on /resetMemoryCache

CVE ID : CVE-2026-25999

Published : Feb. 11, 2026, 9:16 p.m. | 1 hour, 8 minutes ago

Description : Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to 2.10.2, there is an improper access control vulnerability that allows unauthorized users to trigger a reset or deletion of metadata for any tenant. By sending a crafted request to the /resetMemoryCache endpoint, an attacker can clear cached configurations, environments, and cluster data. This vulnerability is fixed in 2.10.2.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…