CVE-2026-25999 - Klaw has an improper authorisation check on /resetMemoryCache

CVE ID : CVE-2026-25999 Published : Feb. 11, 2026, 9 p.m. | 28 minutes ago Description : Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to 2.10.2, there is an improper access control vulnerability that allows unauthorized users to trigger a reset or deletion of metadata for any tenant. By sending a crafted request to the /resetMemoryCache endpoint, an attacker can clear cached configurations, environments, and cluster data. This vulnerability is fixed in 2.10.2. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...