Information disclosure in Aiven-open Klaw

CVE-2026-45080

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been patched in version 2.10.4.

Vulnerability class: Information Disclosure

EPSS: 0.000 (12.7th percentile) — read the EPSS interpretation.

Affected products

Aiven-open Klaw — versions < 2.10.4

Weakness classification (CWE)

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)