Apr 13, 2026·5 min read·35 visits
A missing interceptor in Temporal's gRPC streaming configuration allows unauthenticated access to a cross-cluster replication endpoint, enabling potential data exfiltration if the attacker possesses internal cluster routing configurations.
Temporal's go.temporal.io/server package contains a missing authentication vulnerability in its frontend gRPC server. The streaming interceptor chain omits the authorization interceptor, allowing unauthenticated network attackers to access the AdminService/StreamWorkflowReplicationMessages endpoint and potentially exfiltrate workflow replication data.
Temporal operates a frontend service that handles incoming gRPC requests, routing them to underlying subsystems like the history service. The frontend service enforces authentication and authorization via a ClaimMapper and Authorizer configuration.
This security model relies on gRPC interceptors to validate requests before they reach the designated endpoint handlers. Unary RPCs, which consist of a single request and response, pass through an interceptor chain that correctly invokes the authorization logic.
The vulnerability exists because the streaming RPC interceptor chain omits this critical authorization component. Consequently, streaming endpoints registered on the frontend service process requests without evaluating the client's credentials.
The primary affected component is the AdminService/StreamWorkflowReplicationMessages endpoint. This endpoint facilitates cross-cluster replication and operates on the default WorkflowService port (7233), meaning it shares the same network attack surface as standard client traffic.
The root cause of CVE-2026-5724 is classified as CWE-306: Missing Authentication for Critical Function. The frontend gRPC server initializes two distinct interceptor chains during startup: one for unary requests and one for streaming requests.
Developers successfully registered the authorization interceptor in the unary chain, ensuring that standard API calls undergo credential validation. However, the streaming chain initialization lacked the corresponding registration call.
When a client initiates a request to a streaming endpoint, the gRPC server routes the connection through the incomplete streaming interceptor chain. The system bypasses the ClaimMapper and Authorizer entirely, proceeding directly to the endpoint handler.
This configuration oversight exclusively affects endpoints utilizing gRPC streaming. Since the replication stream is bound to the primary frontend port and cannot be independently disabled, the unprotected endpoint remains exposed alongside authenticated services.
The flaw resides in the server initialization phase where the gRPC options are constructed. The vulnerable implementation registers the authorization interceptor for unary requests but omits it from the chain passed to the grpc.StreamInterceptor option.
```go
// Conceptual vulnerable configuration (frontend gRPC server startup)
serverOpts := []grpc.ServerOption{
	grpc.UnaryInterceptor(
		grpc_middleware.ChainUnaryServer(
			authInterceptor.Unary(), // authentication enforced here for unary RPCs
			// ... other interceptors
		),
	),
	grpc.StreamInterceptor(
		grpc_middleware.ChainStreamServer(
			// Missing authInterceptor.Stream(): streaming RPCs reach their handlers
			// without the ClaimMapper or Authorizer ever running.
			// ... other interceptors
		),
	),
}
```

The patched implementation explicitly adds the streaming authorizer to the chain. The developers also introduced a dynamic configuration flag, system.disableStreamingAuthorizer, to allow backward compatibility during complex cluster upgrades.
```go
// Conceptual patched configuration
serverOpts := []grpc.ServerOption{
	// ... unary chain remains unchanged
	grpc.StreamInterceptor(
		grpc_middleware.ChainStreamServer(
			// Authentication enforced here; the interceptor becomes a pass-through
			// when system.disableStreamingAuthorizer is set in dynamic config.
			getStreamAuthInterceptor(dynamicConfig),
			// ... other interceptors
		),
	),
}
```

This fix ensures that the authorizer runs for both request patterns. If the dynamic configuration disables the authorizer, the system explicitly bypasses the check, allowing controlled fallback behavior.
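The two chains described above, modelled as an added Go example that is not Temporal's code and uses only the standard library: stand-in function types replace the grpc interceptor types, WithClaims stands in for the ClaimMapper, streamAuthInterceptor for the Authorizer, and the disable parameter for system.disableStreamingAuthorizer. Method and flag names come from the page; everything else is assumed.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Stand-ins for grpc.StreamHandler and grpc.StreamServerInterceptor (stream object omitted).
type StreamHandler func(ctx context.Context, method string) error
type StreamInterceptor func(ctx context.Context, method string, h StreamHandler) error

var ErrUnauthenticated = errors.New("unauthenticated: no valid claims") // what the Authorizer returns
type claimsKey struct{}

// WithClaims stands in for the ClaimMapper: a presented credential becomes claims on the context.
func WithClaims(ctx context.Context, sub string) context.Context { return context.WithValue(ctx, claimsKey{}, sub) }

// chainStream composes interceptors outermost-first, like grpc_middleware.ChainStreamServer.
func chainStream(ics ...StreamInterceptor) StreamInterceptor {
	return func(ctx context.Context, method string, h StreamHandler) error {
		for i := len(ics) - 1; i >= 0; i-- {
			ic, next := ics[i], h
			h = func(ctx context.Context, m string) error { return ic(ctx, m, next) }
		}
		return h(ctx, method)
	}
}

// streamAuthInterceptor stands in for the Authorizer; disable mirrors system.disableStreamingAuthorizer.
func streamAuthInterceptor(disable bool) StreamInterceptor {
	return func(ctx context.Context, method string, h StreamHandler) error {
		if _, ok := ctx.Value(claimsKey{}).(string); !ok && !disable {
			return ErrUnauthenticated
		}
		return h(ctx, method) // claims present, or the check was deliberately disabled
	}
}

// CallStream drives one replication stream request through the chain; patched=false omits the authorizer.
func CallStream(ctx context.Context, patched, disable bool) error {
	var ics []StreamInterceptor // the page's "other interceptors" are omitted in this model
	if patched {
		ics = append(ics, streamAuthInterceptor(disable))
	}
	return chainStream(ics...)(ctx, "AdminService/StreamWorkflowReplicationMessages",
		func(context.Context, string) error { return nil }) // replication handler stand-in
}

func main() {
	anon := context.Background()
	fmt.Println(CallStream(anon, false, false), CallStream(anon, true, false), CallStream(WithClaims(anon, "peer"), true, false))
}
```

The unpatched chain admits an anonymous caller, the patched chain rejects it unless claims are present, and the disable flag reproduces the pre-patch pass-through on purpose.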
Exploitation requires direct network routing to the Temporal frontend service port, typically exposed on TCP port 7233. The attacker initiates a standard gRPC streaming connection targeting the AdminService/StreamWorkflowReplicationMessages RPC method.
Because the streaming interceptor chain lacks the authorization check, the frontend service accepts the connection and forwards the request to the underlying history service. The attacker bypasses the initial access controls entirely.
Data exfiltration is constrained by secondary validation mechanisms within the history service. The backend logic requires valid cluster routing identifiers to process the replication stream.
To successfully extract workflow replication data, the attacker must possess prerequisite knowledge of the target cluster's internal configuration, specifically the cluster IDs and peer membership data. Without this information, the history service rejects the data retrieval attempt, mitigating unauthenticated blind extraction.
The vulnerability carries a CVSS v4.0 score of 6.3 (Medium), reflecting the conditional nature of the data exfiltration impact. The attack requires no privileges and leverages low attack complexity, making the network attack surface highly accessible.
Successful exploitation compromises the confidentiality of workflow replication data. This data can contain sensitive business logic, execution state, and payload information traversing the Temporal cluster.
Integrity and availability remain unaffected, as the endpoint exclusively handles outbound replication streams. An attacker cannot inject false workflow state or disrupt existing replication operations through this vector.
The EPSS score of 0.001 (0.10%) indicates a very low probability of active exploitation in the wild. This correlates with the strict prerequisite of internal cluster knowledge, which severely limits the utility of automated scanning and mass exploitation.
Temporal addressed CVE-2026-5724 in go.temporal.io/server versions 1.28.4, 1.29.6, and 1.30.4. Administrators must upgrade their clusters to these patched releases to enforce streaming authorization.
Organizations utilizing cross-cluster replication must ensure their automated deployment pipelines provision appropriate credentials for the replication streams before enforcing the new configuration. Failing to update credentials will disrupt active replication.
During the upgrade process, administrators can utilize the system.disableStreamingAuthorizer dynamic configuration parameter. Setting this value to true temporarily reverts the system to the vulnerable state, preventing replication outages while teams coordinate credential rotation.
Security teams should monitor network telemetry for unexpected gRPC connections targeting the AdminService/StreamWorkflowReplicationMessages endpoint. Implement network segmentation to restrict frontend access strictly to authorized clients and peer clusters.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:N/S:N/AU:N/R:U/RE:L

| Product | Vendor | Affected Versions | Fixed Version |
|---|---|---|---|
| go.temporal.io/server | Temporal Technologies, Inc. | 1.24.0 <= v < 1.28.4 | 1.28.4 |
| go.temporal.io/server | Temporal Technologies, Inc. | 1.29.0 <= v < 1.29.6 | 1.29.6 |
| go.temporal.io/server | Temporal Technologies, Inc. | 1.30.0 <= v < 1.30.4 | 1.30.4 |
| Attribute | Detail |
|---|---|
| CWE ID | CWE-306 |
| Attack Vector | Network |
| Authentication Required | None |
| CVSS v4.0 Score | 6.3 (Medium) |
| EPSS Score | 0.10% |
| Exploit Status | None |
| Impact | Conditional Data Exfiltration |
The software does not perform any authentication for functionality that requires restricted access control.