
CVE-2026-25999: CWE-285: Improper Authorization in Aiven-Open klaw

Severity: High
Tags: Vulnerability, CVE-2026-25999, CWE-285
Published: Wed Feb 11 2026 (02/11/2026, 21:00:30 UTC)
Source: CVE Database V5
Vendor/Project: Aiven-Open
Product: klaw

Description

CVE-2026-25999 is a high-severity improper authorization vulnerability in Aiven-Open's Klaw, a Kafka topic management tool. Versions prior to 2.10.2 allow an attacker with limited privileges to send crafted requests to the /resetMemoryCache endpoint and trigger an unauthorized reset or deletion of tenant metadata. This clears cached configurations, environments and cluster data, affecting availability and integrity. No user interaction is needed and the vulnerability is exploitable remotely over the network. No exploitation in the wild has been reported so far, but affected organizations should update to version 2.10.2 promptly. European organizations using Klaw for Kafka governance are at risk of service disruption and data integrity issues.

AI-Powered Analysis

AILast updated: 02/11/2026, 21:30:49 UTC

Technical Analysis

CVE-2026-25999 is an improper authorization vulnerability (CWE-285) in Aiven-Open's Klaw, a self-service Apache Kafka topic management and governance portal. In versions prior to 2.10.2 the /resetMemoryCache endpoint lacks proper access controls. The endpoint is designed to reset or clear cached metadata for tenant configurations, environments and Kafka cluster data. An attacker holding only limited privileges (PR:L) can send a crafted HTTP request to it without any user interaction (UI:N) and trigger a reset or deletion of that metadata. The CVSS 3.1 base score is 7.1 (High): network attack vector (AV:N), low attack complexity (AC:L), no confidentiality impact (C:N), low integrity impact (I:L) and high availability impact (A:H). Exploitation disrupts Kafka topic management by clearing cached data, which can lead to misconfiguration, downtime or operational delays. The vulnerability is fixed in Klaw 2.10.2. No public exploit is known, but the low complexity of exploitation and the availability impact make this a significant risk for organizations that rely on Klaw for Kafka governance.

Potential Impact

For European organizations, the vulnerability poses a significant risk to the availability and integrity of Kafka topic management services. Kafka is widely used in critical sectors such as finance, telecommunications and cloud infrastructure across Europe. Exploitation could cause unexpected resets of cached configurations, leading to service disruptions, delays in topic governance and potential operational outages. This threatens business continuity, especially for organizations with real-time data processing needs. The integrity of the cached metadata is compromised, which may lead to misconfigurations. Confidentiality is not affected, but the operational impact can indirectly affect compliance with regulations such as GDPR if service disruptions interfere with data processing. Organizations running Klaw in multi-tenant environments are particularly exposed, because a reset clears tenant metadata for the deployment as a whole. The absence of known exploitation in the wild reduces immediate risk but does not remove it, given how simple the attack is.

Mitigation Recommendations

Organizations should upgrade Klaw to version 2.10.2 or later immediately to apply the official fix. Until the patch is applied, restrict access to the /resetMemoryCache endpoint at the network edge or at an API gateway or reverse proxy so that only administrators can reach it. Enforce strong authentication and authorization on all management interfaces, so that only authorized administrators can call sensitive endpoints. Monitor logs and network traffic for requests to the reset endpoint from non-administrative or unauthenticated callers, and alert on them; even a rejected request shows that someone is probing the endpoint. Conduct regular audits of Kafka governance configurations and metadata integrity to detect unauthorized changes. In multi-tenant deployments, enforce tenant isolation and review access policies to minimize the blast radius of a single compromised account. Finally, integrate vulnerability scanning and patch management so that similar issues are identified and remediated promptly.
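Two of the steps above, the version gate and the log sweep for requests to /resetMemoryCache, are shown below as an added example; this is not code from the advisory or from the Klaw project. The sample log lines are constructed for the example in combined-log style with the authenticated principal in the third field; Klaw's real access-log format, the account name "superadmin", and the tenantId query parameter are all assumptions. The version check is conservative about pre-release tags of the fixed version.

```python
"""Added example: version gate and access-log sweep for CVE-2026-25999."""
import re

FIXED_VERSION = (2, 10, 2)  # first release the advisory lists as fixed
PRERELEASE = re.compile(r"-(alpha|beta|rc|snapshot)", re.IGNORECASE)


def version_tuple(version: str) -> tuple:
    """'v2.10.1' -> (2, 10, 1); missing components are padded with 0."""
    nums = [int(n) for n in re.findall(r"\d+", version)]
    if not nums:
        raise ValueError(f"no numeric version in {version!r}")
    nums += [0] * (3 - len(nums))
    return tuple(nums[:3])


def is_vulnerable(version: str) -> bool:
    """True for anything below 2.10.2. A pre-release of 2.10.2 itself is treated
    as unfixed (assumption: safer to over-report than to miss it)."""
    core = version_tuple(version)
    if core < FIXED_VERSION:
        return True
    return core == FIXED_VERSION and bool(PRERELEASE.search(version))


# Constructed sample lines (not real Klaw logs): ip, ident, user, ts, request, status, size.
SAMPLE_LOG = """\
10.0.0.5 - alice [11/Feb/2026:21:05:12 +0000] "POST /resetMemoryCache HTTP/1.1" 200 17
10.0.0.5 - alice [11/Feb/2026:21:05:13 +0000] "GET /index HTTP/1.1" 200 4096
10.0.0.9 - superadmin [11/Feb/2026:21:06:00 +0000] "POST /resetMemoryCache HTTP/1.1" 200 17
10.0.0.7 - - [11/Feb/2026:21:07:45 +0000] "GET /resetMemoryCache/?tenantId=1 HTTP/1.1" 401 0
10.0.0.7 - bob [11/Feb/2026:21:08:02 +0000] "GET /RESETMEMORYCACHE HTTP/1.1" 404 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
RESET_PATH = "/resetmemorycache"


def normalize_path(raw: str) -> str:
    """Drop the query string and trailing slash and fold case, so variants such as
    /resetMemoryCache/?x=1 or /RESETMEMORYCACHE still match the target path."""
    path = raw.split("?", 1)[0].rstrip("/") or "/"
    return path.lower()


def find_reset_requests(log_text: str, authorized_users: set) -> list:
    """Return every request to the reset endpoint; mark it suspicious when the caller
    is unauthenticated ("-") or not in the set of accounts allowed to use it."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or normalize_path(m["path"]) != RESET_PATH:
            continue
        user = m["user"]
        hits.append({
            "ts": m["ts"],
            "ip": m["ip"],
            "user": user,
            "status": int(m["status"]),
            # A 401 or 404 is still worth alerting on: it is someone probing the endpoint.
            "suspicious": user == "-" or user not in authorized_users,
        })
    return hits


if __name__ == "__main__":
    for v in ("2.9.0", "2.10.1", "2.10.2-rc1", "2.10.2", "v2.11.0"):
        print(f"{v:12} vulnerable={is_vulnerable(v)}")
    for hit in find_reset_requests(SAMPLE_LOG, {"superadmin"}):
        flag = "ALERT" if hit["suspicious"] else "ok   "
        print(flag, hit["ts"], hit["ip"], hit["user"], hit["status"])
```

Point find_reset_requests at your real access logs and pass the set of accounts that legitimately run cache resets; any hit flagged suspicious with a 2xx status on a version reported vulnerable by is_vulnerable means the cache was actually cleared and the tenant configuration should be verified.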


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2026-02-09T17:41:55.859Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 698cf19f4b57a58fa1cc1c9a

Added to database: 2/11/2026, 9:16:15 PM

Last enriched: 2/11/2026, 9:30:49 PM

Last updated: 2/11/2026, 10:50:46 PM


