CVE-2026-44367

Summary

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service (DoS) and complete account lockout. This issue has been patched in version 2.10.4.

Affected Software

VendorProductVersion RangeStatus
Aiven-Openklaw< 2.10.4affected

Weaknesses

  • CWE-178: CWE-178: Improper Handling of Case Sensitivity
  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References