Filtered by vendor Vmware
Subscriptions
Filtered by product Spring Grpc
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40968 | 2 Spring, Vmware | 2 Spring, Spring Grpc | 2026-04-30 | 4.3 Medium |
| When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions: Spring gRPC: 1.0.0 - 1.0.2 (fixed in 1.0.3). Older, unsupported versions are also affected. | ||||
| CVE-2026-40969 | 2 Spring, Vmware | 2 Spring, Spring Grpc | 2026-04-30 | 3.7 Low |
| The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the authentication failure, which may be useful for further attacks. Affected versions: Spring gRPC: 1.0.0 - 1.0.2 (fixed in 1.0.3). Older, unsupported versions are also affected. | ||||
Page 1 of 1.