CVE-2025-8396
6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/S:N/AU:Y
Summary
Insufficiently specific bounds checking on authorization header could lead to denial of service in the Temporal server on all platforms due to excessive memory allocation.This issue affects all platforms and versions of OSS Server prior to 1.26.3, 1.27.3, and 1.28.1 (i.e., fixed in 1.26.3, 1.27.3, and 1.28.1 and later). Temporal Cloud services are not impacted.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Temporal | OSS Server | 0 < 1.26.3 | affected |
| Temporal | OSS Server | 1.27.0 < 1.27.3 | affected |
| Temporal | OSS Server | 1.28.0 < 1.28.1 | affected |
Weaknesses
- CWE-770: CWE-770 Allocation of Resources Without Limits or Throttling
Workarounds
Use mTLS, or bring your own claim mapper.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://github.com/temporalio/temporal/releases/tag/v1.26.3
- https://github.com/temporalio/temporal/releases/tag/v1.27.3
- https://github.com/temporalio/temporal/releases/tag/v1.28.1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.