Spring gRPC AuthenticationException Message Reflection Vulnerability

Vulnerability

A vulnerability exists in Spring gRPC versions 1.0.0 to 1.0.2, as well as older unsupported versions, where the raw message of a server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This exposes details of why authentication failed to callers who have not proven their identity, which can aid further attacks.

Impact

The vulnerability can disclose information about authentication failures (the text of the server-side exception), which an unauthenticated caller may leverage for additional attacks.

Remediation

Users should upgrade to Spring gRPC version 1.0.3.
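As an added illustration, not Spring gRPC's own code, the pattern the advisory describes in a plain grpc-java ServerInterceptor: the weak branch copies the exception message into the status description the caller sees, the hardened branch returns a fixed description and keeps the detail, with a correlation id, in the server log. AuthException, authenticate and its header checks are hypothetical stand-ins for Spring Security's AuthenticationException and a real credential check.

```java
import io.grpc.Metadata;
import io.grpc.ServerCall;
import io.grpc.ServerCallHandler;
import io.grpc.ServerInterceptor;
import io.grpc.Status;
import java.util.UUID;
import java.util.logging.Logger;

// Hypothetical stand-in for Spring Security's AuthenticationException.
class AuthException extends RuntimeException {
    AuthException(String detail) { super(detail); }
}

public class AuthInterceptors {
    private static final Logger LOG = Logger.getLogger(AuthInterceptors.class.getName());
    private static final Metadata.Key<String> AUTHORIZATION =
            Metadata.Key.of("authorization", Metadata.ASCII_STRING_MARSHALLER);

    // Hypothetical credential check. Its messages name internals (headers, realms,
    // lookup steps, even the presented token) and are exactly the text that must stay server-side.
    static void authenticate(Metadata headers) {
        String token = headers.get(AUTHORIZATION);
        if (token == null) throw new AuthException("missing authorization header");
        if (!token.startsWith("Bearer ")) throw new AuthException("unsupported scheme in: " + token);
        if (token.length() < 20) throw new AuthException("token too short for key-id lookup in realm 'internal'");
    }

    // leakDetail=true reproduces the weak pattern (exception message becomes the status description);
    // leakDetail=false is the hardened form (fixed description to the client, detail only in the log).
    static ServerInterceptor authInterceptor(boolean leakDetail) {
        return new ServerInterceptor() {
            public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(
                    ServerCall<ReqT, RespT> call, Metadata headers, ServerCallHandler<ReqT, RespT> next) {
                try {
                    authenticate(headers);
                } catch (AuthException e) {
                    Status status;
                    if (leakDetail) {
                        status = Status.UNAUTHENTICATED.withDescription(e.getMessage()); // weak: detail leaves the server
                    } else {
                        String ref = UUID.randomUUID().toString();
                        LOG.warning("auth failure ref=" + ref + " detail=" + e.getMessage());
                        status = Status.UNAUTHENTICATED.withDescription("Unauthenticated (ref " + ref + ")");
                    }
                    call.close(status, new Metadata()); // caller receives only the status and its description
                    return new ServerCall.Listener<ReqT>() {};
                }
                return next.startCall(call, headers);
            }
        };
    }
}
```

Register the interceptor with `ServerBuilder.intercept(AuthInterceptors.authInterceptor(false))`; the `ref` value lets an operator match a client's report to the full server-side log entry without the detail ever crossing the wire.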

Added: Apr 28, 2026, 3:44 PM
Updated: Apr 28, 2026, 3:44 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 7.4
remediation: 0.0
relevance: 6.9
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.