CVE-2026-25999
Published: 11 February 2026
Summary
CVE-2026-25999 is a high-severity Improper Authorization (CWE-285) vulnerability in Aiven Klaw. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its exploit-likelihood score sits at the 14.0th percentile (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2026-25999 is an improper access control vulnerability (CWE-285) affecting Klaw, a self-service Apache Kafka Topic Management and Governance tool/portal, in versions prior to 2.10.2. The flaw lets a user who is authenticated but not authorized for the operation trigger a reset or deletion of metadata for any tenant by sending a crafted request to the /resetMemoryCache endpoint. The result is the clearing of cached configurations, environments, and cluster data. The vulnerability has a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H); the rating is driven primarily by the availability impact.
An attacker with low privileges (PR:L, in practice any account that can log in to the portal) can exploit this over the network with low attack complexity and no user interaction. By sending a crafted request to the /resetMemoryCache endpoint, the attacker clears cached data across tenants, which causes high availability disruption (A:H): services may need to reload their configuration and can experience outages while they do. The integrity impact is low (I:L), limited to the deletion or reset of cached metadata, and there is no confidentiality impact (C:N).
Mitigation is available in Klaw version 2.10.2, which addresses the improper access control. The GitHub security advisory (GHSA-rp26-qv9w-xr5q), release notes for v2.10.2, and the fixing commit (617ed96b1db111ed498d89132321bf39f486e3a1) provide details on the patch and upgrade instructions for administrators.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-6199
Vulnerability details
Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to 2.10.2, there is an improper access control vulnerability that allows unauthorized users to trigger a reset or deletion of metadata for any tenant. By sending a crafted request to the /resetMemoryCache endpoint, an attacker can clear cached configurations, environments, and cluster data. This vulnerability is fixed in 2.10.2.
- CWE(s): CWE-285 (Improper Authorization)
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1190 Exploit Public-Facing Application
- T1499.004 Endpoint Denial of Service: Application or System Exploitation
Why these techniques?
The improper access control flaw directly enables remote exploitation of the public-facing Klaw web portal (/resetMemoryCache) to trigger application-level denial of service via cache/metadata reset, matching T1190 (Exploit Public-Facing Application) for initial access and T1499.004 (Application or System Exploitation) for the resulting availability impact.
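Detection for the T1190 / T1499.004 activity described above, as an added example rather than anything from the original page or from the Klaw project: it scans web-server access-log lines for requests to the /resetMemoryCache endpoint and flags every caller who is not on an administrator allowlist. The log layout (combined format with the authenticated user in the third field), the `superadmin` allowlist and the `tenantId` query string are all assumptions; the log lines are constructed sample data.

```python
"""Flag calls to /resetMemoryCache from accounts that should not make them.

Added detection sketch for CVE-2026-25999. Not Klaw's code: the log format,
the user field and the admin allowlist are assumptions, and SAMPLE_LOG is
constructed data.
"""
import re
from collections import defaultdict

# Assumed combined-log layout: "ip - user [timestamp] "METHOD path proto" status size"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

TARGET_PATH = "/resetMemoryCache"

# Hypothetical allowlist of identities expected to reset tenant metadata.
ADMIN_USERS = {"superadmin"}

# Constructed sample lines; the tenantId query string is an assumption.
SAMPLE_LOG = [
    '10.0.0.5 - superadmin [11/Feb/2026:10:00:01 +0000] "GET /resetMemoryCache?tenantId=1 HTTP/1.1" 200 12',
    '10.0.0.9 - alice [11/Feb/2026:10:02:13 +0000] "GET /getTopics?env=DEV HTTP/1.1" 200 8231',
    '10.0.0.9 - alice [11/Feb/2026:10:02:20 +0000] "GET /resetMemoryCache?tenantId=3 HTTP/1.1" 200 12',
    '10.0.0.9 - alice [11/Feb/2026:10:02:21 +0000] "POST /resetMemoryCache?tenantId=4 HTTP/1.1" 200 12',
    'not a log line at all',
]


def parse_line(line):
    """Return the parsed fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Drop the query string so /resetMemoryCache?tenantId=3 still matches the path.
    rec["path_only"] = rec["path"].split("?", 1)[0]
    return rec


def find_reset_calls(lines):
    """Every request to the reset endpoint, any HTTP method, with an 'authorized' verdict."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path_only"] != TARGET_PATH:
            continue
        rec["authorized"] = rec["user"] in ADMIN_USERS
        hits.append(rec)
    return hits


def summarize(hits):
    """Count unauthorized reset calls per (source IP, user) for alerting."""
    by_actor = defaultdict(int)
    for h in hits:
        if not h["authorized"]:
            by_actor[(h["ip"], h["user"])] += 1
    return dict(by_actor)


if __name__ == "__main__":
    calls = find_reset_calls(SAMPLE_LOG)
    for actor, count in summarize(calls).items():
        print(f"ALERT unauthorized /resetMemoryCache calls from {actor}: {count}")
```

Because the endpoint is an administrative operation, even the allowlisted call is worth recording; the unauthorized ones are the alert. Run against a real log, the useful fields are the user, the source IP and the burst rate, since an attacker enumerating tenants produces several calls in quick succession.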
Affected Assets
- Aiven Klaw, versions prior to 2.10.2 (fixed in 2.10.2)
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): directly enforces authorization checks on the /resetMemoryCache endpoint so that only permitted users can trigger tenant metadata resets or deletions.
- AC-6 (Least Privilege): limits the operations low-privilege accounts (PR:L) are allowed to perform, preventing them from reaching the dangerous resetMemoryCache function.
- Restricts which users or roles may perform configuration or metadata changes, blocking unauthorized cache-clearing actions against any tenant.
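The AC-3 and AC-6 checks above, and the missing-authorization pattern described in the deeper analysis, as an added framework-free Python model. This is not Klaw's code and does not reflect its actual roles, handlers or fix: the `Principal` fields, the `RESET_MEMORY_CACHE` and `ALL_TENANTS` permission names and the in-memory per-tenant cache are all assumptions. The vulnerable handler gates only on authentication; the hardened one enforces a dedicated permission at the endpoint and scopes it to the caller's own tenant.

```python
"""Authentication-only vs. authorized, tenant-scoped cache reset.

Added model for CVE-2026-25999, not Klaw's code. Permission names, the
Principal shape and the cache contents are assumptions / constructed data.
"""
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the caller lacks authorization for the requested action."""


@dataclass(frozen=True)
class Principal:
    username: str
    tenant_id: int
    permissions: frozenset = field(default_factory=frozenset)
    authenticated: bool = True


RESET_CACHE = "RESET_MEMORY_CACHE"  # hypothetical permission for the reset action
ALL_TENANTS = "ALL_TENANTS"         # hypothetical cross-tenant (super admin) marker


def new_cache():
    """Per-tenant cached metadata (constructed sample data)."""
    return {
        1: {"environments": ["DEV", "PRD"], "clusters": ["kafka-a"]},
        2: {"environments": ["DEV"], "clusters": ["kafka-b"]},
    }


def reset_memory_cache_vulnerable(cache, caller, tenant_id):
    """Pattern of the flaw: being logged in is the only gate.

    Any authenticated user can wipe any tenant's cached metadata, which is
    the availability impact (A:H) the advisory describes.
    """
    if not caller.authenticated:
        raise Forbidden("login required")
    cache[tenant_id] = {}
    return True


def reset_memory_cache_hardened(cache, caller, tenant_id):
    """AC-3: the endpoint itself enforces authorization.
    AC-6: only a dedicated permission grants the reset, and it is limited to
    the caller's own tenant unless the caller is explicitly cross-tenant.
    """
    if not caller.authenticated:
        raise Forbidden("login required")
    if RESET_CACHE not in caller.permissions:
        raise Forbidden(f"{caller.username} may not reset metadata caches")
    if tenant_id != caller.tenant_id and ALL_TENANTS not in caller.permissions:
        raise Forbidden(f"{caller.username} may not act on tenant {tenant_id}")
    if tenant_id not in cache:
        raise KeyError(tenant_id)  # fail closed on unknown tenants
    cache[tenant_id] = {}
    return True


def demo():
    """Exercise both handlers with a low-privilege user and a tenant admin."""
    alice = Principal("alice", tenant_id=1)  # ordinary user, no extra permissions
    admin = Principal("tenantadmin", tenant_id=2, permissions=frozenset({RESET_CACHE}))

    cache = new_cache()
    reset_memory_cache_vulnerable(cache, alice, 2)
    wiped_by_alice = cache[2] == {}

    cache = new_cache()
    try:
        reset_memory_cache_hardened(cache, alice, 2)
        blocked_alice = False
    except Forbidden:
        blocked_alice = True
    tenant2_intact = cache[2] != {}

    try:
        reset_memory_cache_hardened(cache, admin, 1)
        blocked_cross_tenant = False
    except Forbidden:
        blocked_cross_tenant = True
    reset_memory_cache_hardened(cache, admin, 2)
    own_tenant_reset = cache[2] == {}

    return {
        "vulnerable_lets_alice_wipe_tenant_2": wiped_by_alice,
        "hardened_blocks_alice": blocked_alice and tenant2_intact,
        "hardened_blocks_cross_tenant_admin": blocked_cross_tenant,
        "hardened_allows_own_tenant_admin": own_tenant_reset,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The ordering of the checks matters: authentication first, then the action-level permission, then the tenant scope, and an unknown tenant fails closed rather than silently creating an empty entry. Whatever the real framework, the same three questions (who is calling, may they perform this action, may they perform it on this tenant) have to be answered inside the handler for the reset endpoint, not only in a front-end menu.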