Temporal Server Denial-of-Service Vulnerability Due to Insufficient Authorization Header Bounds Checking

Vulnerability

A denial-of-service vulnerability has been identified in Temporal Server on all platforms, affecting versions prior to 1.26.3, 1.27.3, and 1.28.1. The issue arises from insufficiently specific bounds checking on the authorization header, which could lead to excessive memory allocation. As a result, the server may become unresponsive or fail to handle requests properly. Notably, this vulnerability does not impact Temporal Cloud services.
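
To illustrate the class of check described above, the following added Go example (not Temporal's code or its patch) bounds the count and size of authorization values in request metadata before any parsing takes place. The function name, error values and the 8 KiB limit are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// maxAuthHeaderBytes is an assumed limit for this example; size it to the
// largest token your identity provider actually issues.
const maxAuthHeaderBytes = 8 * 1024

var (
	errMissing   = errors.New("authorization header missing")
	errDuplicate = errors.New("multiple authorization headers")
	errTooLarge  = errors.New("authorization header exceeds size limit")
	errScheme    = errors.New("authorization header is not a bearer token")
)

// boundedBearerToken reads request metadata keyed by lower-case header name
// (the gRPC metadata convention) and returns the bearer token. The count and
// length checks run before the value is split or decoded.
func boundedBearerToken(md map[string][]string, limit int) (string, error) {
	vals := md["authorization"]
	switch {
	case len(vals) == 0:
		return "", errMissing
	case len(vals) > 1:
		return "", errDuplicate
	case len(vals[0]) > limit:
		return "", errTooLarge
	}
	const prefix = "bearer "
	if len(vals[0]) <= len(prefix) || !strings.EqualFold(vals[0][:len(prefix)], prefix) {
		return "", errScheme
	}
	return vals[0][len(prefix):], nil
}

func main() {
	// Constructed sample metadata, not captured traffic.
	ok := map[string][]string{"authorization": {"Bearer header.payload.sig"}}
	big := map[string][]string{"authorization": {"Bearer " + strings.Repeat("A", 1<<20)}}
	for _, md := range []map[string][]string{ok, big} {
		tok, err := boundedBearerToken(md, maxAuthHeaderBytes)
		fmt.Printf("token bytes=%d err=%v\n", len(tok), err)
	}
}
```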

Impact

Excessive memory allocation leading to denial-of-service conditions on the server.

Remediation

Users can upgrade to Temporal Server versions 1.26.3, 1.27.3, or 1.28.1 to address this vulnerability.

Added: Sep 15, 2025, 3:52 PM
Updated: Sep 15, 2025, 3:52 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.