Spring gRPC CVE-2026-40968

EUVD ID: EUVD-2026-26054
Severity: MEDIUM
Weakness: Improper Isolation or Compartmentalization (CWE-653)
Published: 2026-04-28 (source: vmware)
CVSS 3.1 base score: 4.2

CVSS vector (NVD): CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None

Lifecycle Timeline

Patch available: Apr 28, 2026 16:02 (EUVD)
CVSS changed: Apr 28, 2026 15:22 (NVD), 4.3 (MEDIUM) -> 4.2 (MEDIUM)
Analysis generated: Apr 28, 2026 15:00 (vuln.today)

Description (NVD)

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions.

Affected versions: Spring gRPC: 1.0.0 - 1.0.2 (fixed in 1.0.3). Older, unsupported versions are also affected.

Analysis (AI)

Spring gRPC 1.0.0 through 1.0.2 leaves an authenticated caller's identity bound to the gRPC worker thread when that caller is denied access to a method. Because worker threads are pooled and reused, the next request handled by the same thread can start with that stale identity even if it carries no credentials of its own, and so run with the denied user's permissions. Exploitation is timing-dependent: the leaked identity is only usable by whichever request next lands on the same worker thread, which the NVD vector reflects as High attack complexity. The issue affects only configurations where authenticated and unauthenticated requests share gRPC worker threads. …
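The mechanism described above, as an added example (plain JDK 17 Java, not Spring gRPC's or Spring Security's code): a ThreadLocal stands in for the framework's thread-bound security context, handleLeaky reproduces the class of bug (identity bound to the thread before the authorization check and not cleared on the deny path) and handleHardened shows the corrected pattern. The Request shape, the "Bearer <user>" token format, the authorize rule and the single-thread executor are constructed for the illustration; the actual defect and fix in Spring gRPC 1.0.3 are not reproduced here, and the remediation for the CVE remains upgrading to 1.0.3.

```java
import java.util.List;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.function.Function;

/**
 * Added illustration of the bug class behind CVE-2026-40968 (not Spring gRPC's code).
 * A thread-bound security context (a ThreadLocal here, standing in for a holder such as
 * Spring Security's SecurityContextHolder) is populated by an auth layer running on a
 * pooled worker thread. If the deny path exits without clearing it, the next request
 * dispatched to the same thread starts with the previous caller's identity.
 */
public final class ThreadBoundIdentityLeak {

    /** Stand-in for the framework's thread-bound security context. */
    private static final ThreadLocal<String> PRINCIPAL = new ThreadLocal<>();

    /** Constructed request shape: an optional Authorization header value and the method called. */
    record Request(String authorization, String method) {}

    private ThreadBoundIdentityLeak() {}

    /** Hypothetical credential check: "Bearer alice" authenticates "alice"; anything else is anonymous. */
    static String authenticate(Request req) {
        String header = req.authorization();
        if (header == null || !header.startsWith("Bearer ")) {
            return null;
        }
        return header.substring("Bearer ".length());
    }

    /** Hypothetical method rule: admin/* needs the principal "admin"; other methods need any principal. */
    static boolean authorize(String method, String principal) {
        if (method.startsWith("admin/")) {
            return "admin".equals(principal);
        }
        return principal != null;
    }

    /** VULNERABLE pattern: identity is bound to the thread before the check and cleared only on success. */
    static String handleLeaky(Request req) {
        String caller = authenticate(req);
        if (caller != null) {
            PRINCIPAL.set(caller);                 // bound to the worker thread, not to the call
        }
        String effective = PRINCIPAL.get();        // whatever the thread currently holds
        if (!authorize(req.method(), effective)) {
            return "PERMISSION_DENIED";            // BUG: leaves PRINCIPAL set for the next request
        }
        try {
            return "OK as " + effective;
        } finally {
            PRINCIPAL.remove();
        }
    }

    /** HARDENED pattern: the thread's context is reset on entry and on every exit path. */
    static String handleHardened(Request req) {
        PRINCIPAL.remove();                        // never trust what the thread inherited
        try {
            String caller = authenticate(req);
            if (caller != null) {
                PRINCIPAL.set(caller);
            }
            if (!authorize(req.method(), caller)) { // decide on this call's credentials only
                return "PERMISSION_DENIED";
            }
            return "OK as " + caller;
        } finally {
            PRINCIPAL.remove();                    // covers success, denial and exceptions
        }
    }

    /** Dispatches two constructed requests back to back on one worker thread, as a reused pool thread would. */
    static List<String> runOnSharedWorker(Function<Request, String> handler)
            throws InterruptedException, ExecutionException {
        ExecutorService worker = Executors.newSingleThreadExecutor();
        try {
            // 1) an authenticated user is denied an admin method; 2) an anonymous caller follows on the same thread
            Future<String> denied = worker.submit(() -> handler.apply(new Request("Bearer alice", "admin/purge")));
            Future<String> anon = worker.submit(() -> handler.apply(new Request(null, "user/profile")));
            return List.of(denied.get(), anon.get());
        } finally {
            worker.shutdownNow();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("leaky:    " + runOnSharedWorker(ThreadBoundIdentityLeak::handleLeaky));
        System.out.println("hardened: " + runOnSharedWorker(ThreadBoundIdentityLeak::handleHardened));
    }
}
```

Running main shows the two behaviours side by side: the leaky handler denies alice's admin call and then answers the credential-less request that follows on the same thread with "OK as alice", while the hardened handler denies both. The check worth making in a real deployment is whether any authorization decision reads identity from a thread-bound holder rather than from per-call state (gRPC-Java's io.grpc.Context is per call); if it does, every exit path, including denial and exceptions, must clear that holder, and authenticated and unauthenticated traffic should not share an executor until the fixed version is in place.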
