Home > Vulnerability Database > CVE-2025-8396

Mend.io Vulnerability Database

CVE-2025-8396

Good to know:

Date: September 15, 2025

Insufficiently specific bounds checking on authorization header could lead to denial of service in the Temporal server on all platforms due to excessive memory allocation.This issue affects all platforms and versions of OSS Server prior to 1.26.3, 1.27.3, and 1.28.1 (i.e., fixed in 1.26.3, 1.27.3, and 1.28.1 and later). Temporal Cloud services are not impacted.

Severity Score

5.8

Related Resources (7)

Url: https://github.com/advisories/GHSA-p768-c3pr-6459

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-8396

Url: https://github.com/temporalio/temporal

Url: https://github.com/temporalio/temporal/releases/tag/v1.26.3

Url: https://github.com/temporalio/temporal/releases/tag/v1.28.1

Url: https://github.com/temporalio/temporal/releases/tag/v1.27.3

Url: https://www.mend.io/vulnerability-database/CVE-2025-8396

Severity Score

5.8

Weakness Type (CWE)

Allocation of Resources Without Limits or Throttling

CWE-770

Top Fix

Upgrade Version

Upgrade to version go.temporal.io/server - v1.26.3;go.temporal.io/server - v1.27.3;go.temporal.io/server - v1.28.1

Learn More

CVSS v3.1

Base Score:	5.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-8396

Good to know:

Date: September 15, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?