Spring gRPC SecurityContext Leak Vulnerability Allowing Escalated Permissions

Vulnerability

A vulnerability exists in Spring gRPC versions 1.0.0 to 1.0.2, as well as older unsupported versions. When an authenticated user is denied access to a gRPC method, their identity remains bound to the gRPC worker thread that handled the call. If a subsequent unauthenticated request is processed on the same thread, it can inherit that identity, potentially allowing the latter caller to gain elevated permissions.
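The defect class described above, as an added, self-contained Java illustration (this is not Spring gRPC's code and does not reproduce its interceptor; a plain ThreadLocal stands in for the framework's thread-bound SecurityContext, a single-thread executor stands in for a reused gRPC worker thread, and all names such as Principal, handleLeaky and handleFixed are made up). The leaky handler clears the context only on the success path, so a denied call leaves its principal on the thread for the next call to pick up; the hardened handler resets the context at the start of every call and clears it in a finally block on every exit path, which is the property a fix for this kind of leak must have.

```java
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.function.BiFunction;

/**
 * Added illustration (not Spring gRPC's own code) of a per-thread security context
 * that is populated for an authenticated caller but not cleared when the call is
 * denied, so it is still present for the next call on the same worker thread.
 * Every name in this file is hypothetical.
 */
public class ThreadBoundContextLeakDemo {

    /** Authenticated caller; stands in for the framework's Authentication object. */
    record Principal(String name, boolean admin) {}

    /** Thread-bound context; stands in for the framework's SecurityContext holder. */
    static final ThreadLocal<Principal> SECURITY_CONTEXT = new ThreadLocal<>();

    /** Constructed credential store: bearer token -> principal. */
    static final Map<String, Principal> TOKENS = Map.of(
            "token-alice", new Principal("alice", false));

    /** What one simulated call observed, for inspection by the caller. */
    record Outcome(String method, String effectivePrincipal, boolean permitted) {}

    /** Authentication: resolve the call's credential to a principal, if one is present. */
    static Optional<Principal> authenticate(Map<String, String> headers) {
        return Optional.ofNullable(TOKENS.get(headers.get("authorization")));
    }

    /** Authorization: "Admin/" methods need an admin principal, other methods any principal. */
    static boolean authorize(String method, Principal p) {
        if (p == null) return false;
        return !method.startsWith("Admin/") || p.admin();
    }

    static String name(Principal p) { return p == null ? "<anonymous>" : p.name(); }

    /** Vulnerable shape: early return on denial skips the cleanup, anonymous calls inherit. */
    static Outcome handleLeaky(String method, Map<String, String> headers) {
        // Only set the context when credentials exist; an anonymous call leaves the old one.
        authenticate(headers).ifPresent(SECURITY_CONTEXT::set);
        Principal effective = SECURITY_CONTEXT.get();
        if (!authorize(method, effective)) {
            // PERMISSION_DENIED path: returns without clearing the thread-bound context.
            return new Outcome(method, name(effective), false);
        }
        try {
            return new Outcome(method, name(effective), true);
        } finally {
            SECURITY_CONTEXT.remove(); // cleanup happens only on the success path
        }
    }

    /** Hardened shape: context reset for every call, cleared on every exit path. */
    static Outcome handleFixed(String method, Map<String, String> headers) {
        try {
            // null for anonymous callers: never inherit the previous call's principal.
            SECURITY_CONTEXT.set(authenticate(headers).orElse(null));
            Principal effective = SECURITY_CONTEXT.get();
            return new Outcome(method, name(effective), authorize(method, effective));
        } finally {
            SECURITY_CONTEXT.remove(); // runs for denied calls and exceptions as well
        }
    }

    /**
     * Runs two calls on one reused worker thread: alice is denied an Admin method,
     * then an unauthenticated call arrives. Returns what the second call observed.
     */
    static Outcome secondCallSees(BiFunction<String, Map<String, String>, Outcome> handler)
            throws Exception {
        ExecutorService worker = Executors.newSingleThreadExecutor(); // one reused thread
        try {
            worker.submit(() -> handler.apply("Admin/Reset", Map.of("authorization", "token-alice"))).get();
            return worker.submit(() -> handler.apply("User/Profile", Map.of())).get();
        } finally {
            worker.shutdownNow();
        }
    }

    public static void main(String[] args) throws Exception {
        Outcome leaky = secondCallSees(ThreadBoundContextLeakDemo::handleLeaky);
        Outcome fixed = secondCallSees(ThreadBoundContextLeakDemo::handleFixed);
        // Leaky: the anonymous call runs as "alice" and is permitted.
        System.out.println("leaky: anonymous call ran as " + leaky.effectivePrincipal()
                + ", permitted=" + leaky.permitted());
        // Fixed: the anonymous call runs as "<anonymous>" and is denied.
        System.out.println("fixed: anonymous call ran as " + fixed.effectivePrincipal()
                + ", permitted=" + fixed.permitted());
    }
}
```

A unit test of the same shape (two calls submitted to a single-thread executor, the second one unauthenticated, asserting that it observes no principal) is a useful regression check for any interceptor that stores caller identity in thread-local state, since ordinary per-request tests never exercise thread reuse.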

Impact

Exploitation of this vulnerability could lead to unauthorized access and escalated permissions for users on the affected gRPC worker thread.

Remediation

Users should upgrade to Spring gRPC version 1.0.3.

Added: Apr 28, 2026, 3:48 PM
Updated: Apr 28, 2026, 3:48 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.3
exploitability: 4.8
remediation: 0.0
relevance: 6.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.