Palantir Gotham Gaia Unauthenticated Endpoint Vulnerability

Vulnerability

A vulnerability exists in the Palantir Gotham Gaia application in which multiple endpoints are exposed without authentication. The issue arises from a misconfiguration during a framework migration and allows a malicious user with knowledge of specific resource IDs to access data without authentication. The affected resource identifiers are randomly generated, so they are unlikely to be brute-forced or guessed. An internal audit found no evidence of abuse.

Impact

Exploitation of this vulnerability could lead to unauthorized data access through the unauthenticated endpoints.

Remediation

The impacted endpoints have been fixed by implementing strict authentication and authorization checks.

Added: Dec 19, 2025, 5:30 PM
Updated: Dec 19, 2025, 6:13 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.2
remediation: 0.0
relevance: 1.6
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.