CVE-2026-25999
Status: Awaiting Analysis
Improper Access Control in Klaw Allows Metadata Reset

Publication date: 2026-02-11

Last updated on: 2026-02-26

Assigner: GitHub, Inc.

Description
Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to 2.10.2, there is an improper access control vulnerability that allows unauthorized users to trigger a reset or deletion of metadata for any tenant. By sending a crafted request to the /resetMemoryCache endpoint, an attacker can clear cached configurations, environments, and cluster data. This vulnerability is fixed in 2.10.2.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-02-11
EPSS Evaluated: 2026-05-05
NVD
Affected Vendors & Products
Vendor: aiven
Product: klaw
Version / Range: all versions before 2.10.2 (2.10.2 excluded)
CWE ID: CWE-285 (Improper Authorization)
Description: The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-25999 is an improper access control vulnerability (CWE-285) in Klaw versions prior to 2.10.2. The /resetMemoryCache endpoint does not properly check that the caller is authorized to perform the action, so a user with only low privileges can send a crafted request that triggers a reset or deletion of cached metadata for any tenant, not just the tenant that user belongs to.

This means an attacker can clear cached configurations, environments, and cluster data without proper authorization, disrupting the normal operation of the system for every affected tenant.

The vulnerability has a high severity with a CVSS v3.1 base score of 7.1: it can be exploited remotely with low complexity and low privileges, requiring no user interaction.


How can this vulnerability impact me?

This vulnerability can impact you by allowing an attacker to disrupt system availability through unauthorized resets or deletions of cached metadata.

  • Clearing cached configurations, environments, and cluster data can cause service interruptions or degraded performance.
  • Since the integrity impact is low but availability impact is high, the main risk is denial of service or operational disruption rather than data theft.
  • The attack requires only network access with low privileges and no user interaction, making it easier for attackers to exploit remotely.

To mitigate this risk, upgrade to Klaw version 2.10.2 or later, which enforces authorization checks on the vulnerable endpoint.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for unauthorized or unexpected requests to the /resetMemoryCache endpoint of the Klaw service. Because the attack is nothing more than a request to that endpoint, it should only ever be reached by the administrators who legitimately reset the cache; any other caller visible in reverse-proxy or application logs, or on the wire, is worth investigating.

Suggested checks:

  • Probe the endpoint without credentials: curl -X POST http://<klaw-server>/resetMemoryCache. A fixed instance (2.10.2 or later) should reject the request (typically 401 or 403). On a vulnerable instance this probe is the attack itself and will clear the cache, so run it only against a test instance or one you are authorized to disrupt.
  • Check web server or application logs for POST requests to /resetMemoryCache from IPs or users that are not expected to administer Klaw, and pay particular attention to those that received a 2xx response.
  • Use network monitoring tools (e.g., tcpdump, Wireshark) to capture and analyze traffic targeting the /resetMemoryCache endpoint; if Klaw is served over TLS, inspect at the terminating proxy rather than on the wire.
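The version check from the affected-range entry and the log review above can be scripted. The following Python is an added example, not code from the Klaw project or from this page: it classifies a Klaw version string against the advisory's range (anything before 2.10.2) and scans access-log lines for requests that reached /resetMemoryCache from anyone other than an allowlisted admin on an allowlisted host. The log lines are constructed for the example, the admin user and host allowlists are assumptions, and the log format is assumed to be the common/combined format with an authenticated-user field, so adapt the regex to whatever proxy sits in front of Klaw.

```python
"""Triage helpers for CVE-2026-25999 (Klaw /resetMemoryCache improper access control).

Added example, not Klaw project code. Two checks:
  1. is_affected(): is a Klaw version string inside the advisory's range (< 2.10.2)?
  2. find_reset_requests(): scan access-log lines for requests that reached
     /resetMemoryCache and did not come from an expected admin identity and host.
The log lines below are constructed for the example; the allowlists are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable

FIXED_VERSION = (2, 10, 2)        # first release with the authorization check
ENDPOINT = "/resetMemoryCache"    # vulnerable endpoint named in the advisory


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '2.10.1' or 'v2.10.1-rc1' into a comparable tuple of integers."""
    match = re.match(r"v?(\d+(?:\.\d+)*)", version.strip())
    if not match:
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_affected(version: str) -> bool:
    """True for every Klaw release strictly before 2.10.2 (the advisory's affected range)."""
    return parse_version(version) < FIXED_VERSION


# Common/combined log format as written by nginx or Apache in front of Klaw (assumed);
# the third field is the authenticated user if the proxy logs one, '-' otherwise.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


@dataclass(frozen=True)
class Hit:
    ip: str
    user: str
    ts: str
    method: str
    path: str
    status: int

    @property
    def succeeded(self) -> bool:
        """2xx means the server acted on the request: on a vulnerable build the cache was cleared."""
        return 200 <= self.status < 300


def find_reset_requests(lines: Iterable[str], authorized_users: set[str],
                        allowed_ips: set[str]) -> list[Hit]:
    """Return /resetMemoryCache requests not made by an allowlisted admin from an allowlisted host.

    Matching is on the path prefix so '/resetMemoryCache/', query strings and sub-path
    variants are caught as well; lines that do not parse are skipped.
    """
    hits: list[Hit] = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue
        path = match["path"].split("?", 1)[0]
        if not (path == ENDPOINT or path.startswith(ENDPOINT + "/")):
            continue
        hit = Hit(match["ip"], match["user"], match["ts"], match["method"], path,
                  int(match["status"]))
        if hit.user in authorized_users and hit.ip in allowed_ips:
            continue  # expected administrative use
        hits.append(hit)
    return hits


# Constructed sample log: one legitimate admin reset, one low-privileged user whose reset the
# server accepted (the CVE-2026-25999 pattern), one anonymous attempt rejected with 403 (what a
# fixed instance should do), and unrelated traffic that must not be reported.
SAMPLE_ACCESS_LOG = """\
192.0.2.10 - admin [11/Feb/2026:10:00:01 +0000] "POST /resetMemoryCache HTTP/1.1" 200 12
198.51.100.7 - mallory [11/Feb/2026:10:02:43 +0000] "POST /resetMemoryCache HTTP/1.1" 200 12
198.51.100.7 - mallory [11/Feb/2026:10:03:02 +0000] "GET /getTopics?env=DEV HTTP/1.1" 200 5120
203.0.113.5 - - [11/Feb/2026:10:04:11 +0000] "POST /resetMemoryCache/ HTTP/1.1" 403 0
192.0.2.10 - admin [11/Feb/2026:10:05:00 +0000] "GET /getEnvs HTTP/1.1" 200 900
"""

if __name__ == "__main__":
    for v in ("2.9.0", "2.10.1", "2.10.2", "v2.11.0"):
        print(f"Klaw {v}: {'AFFECTED' if is_affected(v) else 'fixed'}")
    suspicious = find_reset_requests(SAMPLE_ACCESS_LOG.splitlines(),
                                     authorized_users={"admin"}, allowed_ips={"192.0.2.10"})
    for hit in suspicious:
        verdict = "cache cleared" if hit.succeeded else "rejected"
        print(f"{hit.ts} {hit.ip} user={hit.user} {hit.method} {hit.path} -> {hit.status} ({verdict})")
```

A hit with a 2xx status from a non-admin is the CVE pattern on a vulnerable build; after upgrading, the same request should appear with a 401 or 403, so the scan doubles as a post-upgrade check that the authorization enforcement is actually in place.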

What immediate steps should I take to mitigate this vulnerability?

The immediate and recommended mitigation is to upgrade Klaw to version 2.10.2 or later, where the vulnerability is fixed by enforcing server-side authorization checks on the /resetMemoryCache endpoint.

There are no official workarounds that preserve the endpoint's legitimate functionality, so upgrading is strongly advised.

Until the upgrade is in place, restrict access to the /resetMemoryCache path at the reverse proxy or network layer to the hosts and accounts that administer Klaw, and monitor for any attempt to reach the endpoint from anywhere else. After upgrading, confirm that an unprivileged account is now rejected when it calls the endpoint.

