CVE-2026-44367
LOWKlaw: user lockout due to case sensitivity inconsistency
Title source: cnaDescription
Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service (DoS) and complete account lockout. This issue has been patched in version 2.10.4.
References (2)
Core 2
Core References
X_Refsource_Confirm x_refsource_confirm
https://github.com/Aiven-Open/klaw/security/advisories/GHSA-75rx-m9vh-mm9p
X_Refsource_Misc x_refsource_misc
https://github.com/Aiven-Open/klaw/releases/tag/v2.10.4
Scores
CVSS v3
2.7
EPSS
0.0024
EPSS Percentile
14.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-178
CWE-20
Status
published
Products (1)
Aiven-Open/klaw
< 2.10.4
Published
Jun 02, 2026
Tracked Since
Jun 02, 2026