CVE-2025-8396

Summary

Insufficiently specific bounds checking on authorization header could lead to denial of service in the Temporal server on all platforms due to excessive memory allocation.This issue affects all platforms and versions of OSS Server prior to 1.26.3, 1.27.3, and 1.28.1 (i.e., fixed in 1.26.3, 1.27.3, and 1.28.1 and later). Temporal Cloud services are not impacted.

Affected Software

VendorProductVersion RangeStatus
TemporalOSS Server0 < 1.26.3affected
TemporalOSS Server1.27.0 < 1.27.3affected
TemporalOSS Server1.28.0 < 1.28.1affected

Weaknesses

  • CWE-770: CWE-770 Allocation of Resources Without Limits or Throttling

Workarounds

Use mTLS, or bring your own claim mapper.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References