CVE-2026-25999
Published: 11 February 2026
Summary
CVE-2026-25999 is a high-severity Improper Authorization (CWE-285) vulnerability in Aiven Klaw. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 13.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating Controls
Per-CVE control mapping has not yet been run for this CVE; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Documented procedures facilitate correct implementation and ongoing management of authorization decisions.
Periodic reviews identify and correct flaws in authorization decisions or enforcement.
The control's documentation requirement reduces improper authorization by ensuring only mission-justified actions bypass authentication.
Establishing permitted attributes and values, plus auditing changes, ensures authorization decisions are based on correctly managed policy data.
Explicitly mandates authorizing remote access types before permitting connections, directly mitigating improper authorization.
The control explicitly requires authorization of each wireless access type prior to permitting connections.
Mandating explicit authorization of mobile device connections reduces the risk of improper authorization decisions for system access.
Specifying access authorizations for each account and requiring approvals for account requests enforces proper authorization decisions.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The improper access control flaw directly enables remote exploitation of the public-facing Klaw web portal (/resetMemoryCache) to trigger application-level denial of service via cache/metadata reset, matching T1190 (Exploit Public-Facing Application) for initial access and T1499.004 (Application or System Exploitation) for the resulting availability impact.
NVD Description
Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to 2.10.2, there is an improper access control vulnerability that allows unauthorized users to trigger a reset or deletion of metadata for any tenant. By sending a crafted request to the /resetMemoryCache endpoint, an attacker can clear cached configurations, environments, and cluster data. This vulnerability is fixed in 2.10.2.
Deeper analysis
CVE-2026-25999 is an improper access control vulnerability (CWE-285) affecting Klaw, a self-service Apache Kafka Topic Management and Governance tool/portal, in versions prior to 2.10.2. The issue allows unauthorized users to trigger a reset or deletion of metadata for any tenant by sending a crafted request to the /resetMemoryCache endpoint. This results in the clearing of cached configurations, environments, and cluster data. The vulnerability has a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H), indicating high severity primarily due to availability impact.
An attacker with low privileges (PR:L) can exploit this over the network with low complexity and no user interaction required. By crafting and sending a request to the /resetMemoryCache endpoint, the attacker can clear cached data across tenants, leading to high availability disruption as services may need to reload configurations and potentially experience outages. The impact includes low integrity effects from metadata deletion or resets, but no confidentiality loss.
Mitigation is available in Klaw version 2.10.2, which addresses the improper access control. The GitHub security advisory (GHSA-rp26-qv9w-xr5q), release notes for v2.10.2, and the fixing commit (617ed96b1db111ed498d89132321bf39f486e3a1) provide details on the patch and upgrade instructions for administrators.
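The weakness class behind this CVE (CWE-285) is an endpoint that authenticates the caller but never checks whether that caller is authorized to perform a privileged, cross-tenant action. The following is an added illustration written for this page, not code from Klaw or from the fixing commit, and it makes no claim about how Klaw's handler or patch is actually structured. The names (User, CacheStore, reset_memory_cache_unchecked, reset_memory_cache_authorized) and the sample tenant data are hypothetical. It places an unchecked handler beside a hardened one that requires an admin role, scopes the reset to the caller's own tenant, and records every attempt so that denied calls to the endpoint can be alerted on.

```python
"""Added example (not Klaw's code): authorization enforcement for a
privileged cache-reset endpoint, contrasting an unchecked handler
with a hardened one. All names and data here are constructed."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class User:
    """Authenticated principal. roles is e.g. {"USER"} or {"SUPERADMIN"}."""
    name: str
    tenant_id: int
    roles: frozenset


@dataclass
class CacheStore:
    """In-memory stand-in for per-tenant cached metadata plus an audit trail."""
    entries: dict = field(default_factory=dict)   # tenant_id -> cached metadata
    audit: list = field(default_factory=list)     # (caller, tenant_id, outcome)

    def reset(self, tenant_id: int) -> None:
        # Clearing the entry models "reset or deletion of metadata" for a tenant.
        self.entries.pop(tenant_id, None)


class Forbidden(Exception):
    """Raised when an authenticated caller is not authorized for the action."""


def reset_memory_cache_unchecked(store: CacheStore, caller: User, tenant_id: int) -> str:
    """CWE-285 pattern: the caller is authenticated (we have a User) but the
    handler never asks whether this caller may reset this tenant's cache.
    Any low-privilege user can wipe any tenant's cached data."""
    store.reset(tenant_id)
    return "reset"


def reset_memory_cache_authorized(store: CacheStore, caller: User, tenant_id: int) -> str:
    """Hardened handler: an explicit authorization decision is made before
    the privileged action, scoped to the caller's own tenant, and every
    attempt (allowed or denied) is written to the audit trail."""
    allowed = "SUPERADMIN" in caller.roles and caller.tenant_id == tenant_id
    store.audit.append((caller.name, tenant_id, "allowed" if allowed else "denied"))
    if not allowed:
        raise Forbidden(f"{caller.name} may not reset cache for tenant {tenant_id}")
    store.reset(tenant_id)
    return "reset"


def make_store() -> CacheStore:
    """Constructed sample: two tenants with cached environment lists."""
    return CacheStore(entries={1: {"envs": ["dev", "prod"]}, 2: {"envs": ["prod"]}})


def denied_attempts(store: CacheStore) -> list:
    """Detection hook: audit records that a monitoring pipeline would alert on."""
    return [rec for rec in store.audit if rec[2] == "denied"]


if __name__ == "__main__":
    low = User("alice", tenant_id=1, roles=frozenset({"USER"}))
    admin = User("root", tenant_id=2, roles=frozenset({"SUPERADMIN"}))

    store = make_store()
    reset_memory_cache_unchecked(store, low, 2)
    print("unchecked handler: tenant 2 cache present after low-priv call?", 2 in store.entries)

    store = make_store()
    try:
        reset_memory_cache_authorized(store, low, 2)
    except Forbidden as exc:
        print("authorized handler denied:", exc)
    print("tenant 2 cache still present?", 2 in store.entries)
    print("denied attempts for alerting:", denied_attempts(store))
```

The two checks in the hardened handler are independent: the role check stops low-privilege users, and the tenant check stops an administrator of one tenant from resetting another tenant's data. Logging the denied attempts gives a concrete signal for a detection rule on the endpoint even after the upgrade to 2.10.2 is applied.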
Details
- CWE(s)