CVE-2026-44367 LOW

CVE-2026-44367: Klaw: user lockout due to case sensitivity inconsistency

Vendor Aiven-Open
Product klaw
Weakness CWE-178
Published June 2, 2026
Last update June 2, 2026

CVSS base score

2.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01 Description

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service (DoS) and complete account lockout. This issue has been patched in version 2.10.4.

Key dates

02 Disclosure timeline

June 2, 2026 CVE published
June 2, 2026 Record updated