CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad

CVE-2025-14987

Temporal Paradox: The Cross-Namespace Authorization Bypass

Amit Schendel
Amit Schendel
Senior Security Researcher

Jan 2, 2026·5 min read·24 visits

Executive Summary (TL;DR)

Temporal trusted the envelope but ignored the letter inside. A worker authorized for 'Namespace A' could embed commands targeting 'Namespace B' within a standard task completion response. Because the server only validated the worker's access to 'Namespace A', the cross-namespace commands were executed without a secondary permission check. Fixed by adding 'Deep Inspection' logic to the authorization layer.

A logic flaw in Temporal's gRPC authorization interceptor allows authenticated workers in one namespace to execute unauthorized commands (Signaling, Canceling, etc.) against workflows in a completely different namespace.

Official Patches

TemporalRelease notes for version 1.29.2

Fix Analysis (1)

Technical Appendix

CVSS Score
5.3/ 10
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
EPSS Probability
0.05%
Top 100% most exploited

Affected Systems

Temporal Server

Affected Versions Detail

Product
Affected Versions
Fixed Version
Temporal Server
Temporal
<= 1.27.31.27.4
Temporal Server
Temporal
1.28.0 - 1.28.11.28.2
Temporal Server
Temporal
1.29.0 - 1.29.11.29.2
AttributeDetail
CVE IDCVE-2025-14987
CVSS 4.05.3 (Medium)
CWECWE-863 (Incorrect Authorization)
VectorCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
ImpactCross-Namespace Command Execution
Patch Commitb292a32bacdfa6472affd90f0a940408d5839cfa

MITRE ATT&CK Mapping

T1068Exploitation for Privilege Escalation
Privilege Escalation
T1565.001Data Manipulation: Stored Data Manipulation
Impact
CWE-863
Incorrect Authorization

The product provides an authorization method that does not properly verify that the user has the necessary permissions to access the requested resource.

Known Exploits & Detection

GitHubUnit tests demonstrating the authorized vs unauthorized cross-namespace behavior

Vulnerability Timeline

Patch authored and committed
2025-02-04
Advisory Published
2025-02-12

References & Sources

  • [1]GitHub Security Advisory
  • [2]Patch Commit
Related Vulnerabilities
CVE-2025-14986

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•about 4 hours ago•CVE-2024-29203
4.3

CVE-2024-29203: Client-Side Cross-Site Scripting via Unsandboxed Iframes and Legacy Embed Elements in TinyMCE

CVE-2024-29203 identifies a cross-site scripting (XSS) vulnerability in the content ingestion and parsing mechanics of TinyMCE rich text editor. Due to a failure to enforce sandbox attributes on dynamic iframe elements and safely handle legacy embed objects, unauthenticated attackers can inject malicious elements that execute scripts within the context of the parent application session.

Amit Schendel
Amit Schendel
5 views•5 min read
•about 6 hours ago•CVE-2026-9277
8.1

CVE-2026-9277: OS Command Injection in shell-quote via Object-Token Line Terminator Parsing Defect

A technical breakdown of the OS command injection vulnerability in the shell-quote NPM package (CVE-2026-9277 / GHSA-w7jw-789q-3m8p). The bug resides in the character-by-character backslash-escaping logic applied to the .op field of object-tokens within the quote() function, which fails to match and escape line terminators due to a regex matching oversight in JavaScript. This allows unauthenticated remote attackers to execute arbitrary shell commands if they can control inputs processed by this library.

Alon Barad
Alon Barad
7 views•6 min read
•about 7 hours ago•CVE-2026-11645
8.8

CVE-2026-11645: Out-of-Bounds Memory Access in Google Chrome V8 Engine

A high-severity memory corruption vulnerability exists in the V8 JavaScript engine of Google Chrome before versions 149.0.7827.102/103. The flaw arises from an incorrect bounds-check elimination during JIT compilation by the TurboFan optimizer, allowing remote attackers to achieve out-of-bounds read and write access inside the sandboxed renderer process.

Amit Schendel
Amit Schendel
23 views•6 min read
•about 16 hours ago•CVE-2026-50751
9.3

CVE-2026-50751: Authentication Bypass in Check Point Security Gateway IKEv1 Legacy Validation

An improper authentication vulnerability (CWE-287) exists in the legacy, deprecated Internet Key Exchange version 1 (IKEv1) key exchange protocol implementation in Check Point Security Gateways. The vulnerability is caused by a logic flow weakness during the certificate validation process for Remote Access VPN and Mobile Access (SSL VPN) connections. An unauthenticated remote attacker can exploit this weakness to bypass user authentication entirely, establishing a fully functional Remote Access VPN connection without a valid password.

Alon Barad
Alon Barad
69 views•6 min read
•1 day ago•CVE-2026-39922
6.3

CVE-2026-39922: Server-Side Request Forgery in GeoNode Service Registration Endpoint

GeoNode versions prior to 4.4.5 and 5.0.2 are vulnerable to Server-Side Request Forgery (SSRF) in the service registration endpoint. Authenticated attackers with low privileges can exploit insufficient input validation in the Web Map Service (WMS) registration module to force the application server to make outbound network queries to loopback addresses, private RFC1918 subnets, link-local scopes, and cloud metadata endpoints. This technical report details the mechanics of the vulnerability, the underlying architectural flaw, and how to effectively remediate and mitigate the associated security risks.

Alon Barad
Alon Barad
4 views•7 min read
•1 day ago•CVE-2022-0492
7.8

CVE-2022-0492: Privilege Escalation and Container Escape via cgroups v1 release_agent

CVE-2022-0492 is a high-severity missing authorization vulnerability in the Linux kernel's Control Groups (cgroups) v1 implementation. The flaw resides within the cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c, where the kernel fails to validate if the process writing to the release_agent file possesses administrative capabilities in the initial user namespace. This allows a local attacker inside a container with root privileges (UID 0) to abuse user namespaces, mount a cgroups v1 directory, modify the release_agent parameter, and execute arbitrary commands on the host system as host root, effectively achieving a complete container escape.

Amit Schendel
Amit Schendel
12 views•7 min read