Executive Summary

CVE-2026-25999 is an improper access control vulnerability in the Klaw software versions prior to 2.10.2. It affects the /resetMemoryCache endpoint, allowing unauthorized users to send specially crafted requests that trigger a reset or deletion of metadata for any tenant.

This means an attacker can clear cached configurations, environments, and cluster data without proper authorization, potentially disrupting the normal operation of the system.

The vulnerability has a high severity with a CVSS v3.1 base score of 7.1, and it can be exploited remotely with low complexity and low privileges, requiring no user interaction.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can impact you by allowing an attacker to disrupt system availability through unauthorized resets or deletions of cached metadata.

• Clearing cached configurations, environments, and cluster data can cause service interruptions or degraded performance.
• Since the integrity impact is low but availability impact is high, the main risk is denial of service or operational disruption rather than data theft.
• The attack requires only network access with low privileges and no user interaction, making it easier for attackers to exploit remotely.

To mitigate this risk, upgrading to Klaw version 2.10.2 is strongly recommended, as it enforces strict authorization checks on the vulnerable endpoint.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring for unauthorized or unexpected requests sent to the /resetMemoryCache endpoint of the Klaw service. Since the vulnerability involves sending a specially crafted request to this endpoint to reset or delete metadata, network traffic analysis or web server logs can be inspected for such requests.

Suggested commands include using tools like curl or network monitoring utilities to check if the /resetMemoryCache endpoint is accessible without proper authorization.

• Use curl to test the endpoint without authorization: curl -X POST http://<klaw-server>/resetMemoryCache
• Check web server or application logs for POST requests to /resetMemoryCache from unauthorized IPs or users.
• Use network monitoring tools (e.g., tcpdump, Wireshark) to capture and analyze traffic targeting the /resetMemoryCache endpoint.

Useful 0 Not Useful 0

Mitigation Strategies

The immediate and recommended mitigation step is to upgrade the Klaw software to version 2.10.2 or later, where the vulnerability has been fixed by implementing strict server-side authorization checks on the /resetMemoryCache endpoint.

There are no official workarounds that maintain the endpoint’s legitimate functionality, so upgrading is strongly advised.

Additionally, ensure that access to the /resetMemoryCache endpoint is restricted to authorized users only, and monitor for any unauthorized attempts to access this endpoint.

Useful 0 Not Useful 0