Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:X/RE:L/U:X
Primary rating from Vendor (temporal) · only source for this CVE.
CVSS VectorVendor: temporal
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:X/RE:L/U:X
Lifecycle Timeline
3DescriptionCVE.org
The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor. When a ClaimMapper and Authorizer are configured, unary RPCs enforce authentication and authorization, but the streaming AdminService/StreamWorkflowReplicationMessages endpoint accepted requests without credentials. This endpoint is registered on the same port as WorkflowService and cannot be disabled independently. An attacker with network access to the frontend port could open the replication stream without authentication. Data exfiltration is possible, but only when a configured replication target is correctly configured and the attacker has knowledge of the cluster configuration, as the history service validates cluster IDs and peer membership before returning replication data.
Temporal Cloud is not affected.
AnalysisAI
Temporal's frontend gRPC server fails to enforce authentication and authorization on the StreamWorkflowReplicationMessages endpoint, allowing unauthenticated network attackers to establish replication streams and potentially exfiltrate workflow data when replication targets are configured. The vulnerability affects Temporal versions prior to 1.28.4, 1.29.6, and 1.30.4; Temporal Cloud deployments are unaffected. While exploitation requires knowledge of cluster configuration and correctly configured replication targets, the authentication bypass on a network-accessible service combined with a moderate CVSS score (6.3) reflects the practical risk of unauthorized data access in multi-tenant or sensitive workflow environments.
Technical ContextAI
Temporal's frontend gRPC service implements streaming RPCs for workflow replication via the AdminService/StreamWorkflowReplicationMessages endpoint. The vulnerability stems from missing authorization interceptor middleware in the streaming interceptor chain (CWE-306: Missing Authentication), distinct from unary RPC handlers which properly enforce authentication via ClaimMapper and Authorizer configurations. The gRPC streaming endpoint is bound to the same frontend port as WorkflowService and cannot be disabled independently, creating an always-enabled unauthenticated pathway. The replication mechanism itself includes downstream validation-the history service checks cluster IDs and peer membership before returning sensitive replication data-but this secondary control is bypassed at the authentication layer, leaving the replication stream accessible without credentials.
RemediationAI
Vendor-released patches are available: upgrade to Temporal 1.28.4 or later (for 1.28.x branch), 1.29.6 or later (for 1.29.x branch), or 1.30.4 or later (for 1.30.x branch). The fix adds the authorization interceptor to the streaming interceptor chain for gRPC endpoints. Organizations unable to upgrade immediately should implement network-level access controls to restrict access to the Temporal frontend gRPC port (default 7233) to trusted internal networks only, and verify that replication targets are disabled or isolated if not required. For detailed patch information and release notes, consult https://github.com/temporalio/temporal/releases.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21607
GHSA-q98v-9f9w-f49q