Denial of Service Vulnerability in Klaw Apache Kafka Management Tool
CVE-2026-44367

2.7 LOW

Key Information:

Vendor

Aiven-open

Status
Vendor
CVE Published: 2 June 2026

What is CVE-2026-44367?

A vulnerability exists in the Klaw tool's user registration and login processes: usernames are handled with inconsistent case sensitivity. This inconsistency allows targeted Denial of Service attacks, potentially leading to complete account lockout for users. The issue is fixed in Klaw version 2.10.4; upgrade to that version.

Affected Version(s)

klaw < 2.10.4

CVSS V3.1

Score: 2.7
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved