
We found results for “”
CVE-2025-8396
Good to know:


Date: September 15, 2025
Insufficiently specific bounds checking on authorization header could lead to denial of service in the Temporal server on all platforms due to excessive memory allocation.This issue affects all platforms and versions of OSS Server prior to 1.26.3, 1.27.3, and 1.28.1 (i.e., fixed in 1.26.3, 1.27.3, and 1.28.1 and later). Temporal Cloud services are not impacted.
Severity Score
Related Resources (7)
Severity Score
Weakness Type (CWE)
Allocation of Resources Without Limits or Throttling
CWE-770Top Fix

Upgrade Version
Upgrade to version go.temporal.io/server - v1.26.3;go.temporal.io/server - v1.27.3;go.temporal.io/server - v1.28.1
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | CHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | LOW |