Micrometer
- >= 1.16.0, <= 1.16.5
- >= 1.15.0, <= 1.15.11
A denial-of-service vulnerability has been identified in Micrometer versions 1.16.0 through 1.16.5 and 1.15.0 through 1.15.11. The issue is triggered by specially crafted gRPC requests sent by a user, which can disrupt the service. An application is vulnerable only if all of the following hold:
- it uses an affected Micrometer version;
- it has an ObservationRegistry that records observations and is configured to output metrics from those observations via the DefaultMeterObservationHandler or a custom observation handler;
- it uses the ObservationGrpcServerInterceptor to instrument its gRPC server.
Exploitation of this vulnerability can lead to a denial-of-service condition, causing the application to become unresponsive or unavailable.
Users of Micrometer 1.16.x should upgrade to 1.16.6, and users of Micrometer 1.15.x should upgrade to 1.15.12.
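To check a build against the ranges above, the following added script (not part of the advisory or of the Micrometer project) parses `mvn dependency:tree` output and reports every `io.micrometer` artifact whose version falls in an affected range, together with the fixed version to move to. The dependency-tree lines below are constructed sample input; the script assumes the standard `group:artifact:type:version:scope` line format and ignores version qualifiers.

```python
"""Flag Micrometer dependencies in the affected ranges and name the fixed version."""
import re

# Affected ranges (inclusive) and the fixed version for each, as stated in the advisory.
AFFECTED = [
    ((1, 16, 0), (1, 16, 5), "1.16.6"),
    ((1, 15, 0), (1, 15, 11), "1.15.12"),
]

# Matches the coordinate part of a `mvn dependency:tree` line, e.g.
# "[INFO] +- io.micrometer:micrometer-core:jar:1.16.2:compile"
DEP_RE = re.compile(r"(io\.micrometer):([\w.-]+):\w+:([\w.-]+):(\w+)")

# Constructed sample output of `mvn dependency:tree` (hypothetical project).
SAMPLE_TREE = """\
[INFO] +- io.micrometer:micrometer-core:jar:1.16.2:compile
[INFO] |  \\- io.micrometer:micrometer-observation:jar:1.15.11:compile
[INFO] +- io.micrometer:micrometer-commons:jar:1.15.12:compile
[INFO] +- org.example:unrelated-lib:jar:2.0.0:compile
"""


def parse_version(text):
    """Turn '1.16.2' into (1, 16, 2); a qualifier such as '-SNAPSHOT' is dropped."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(n) for n in m.groups()) if m else None


def fixed_version_for(version):
    """Return the fixed version if `version` is in an affected range, else None.
    Tuples are compared numerically, so 1.16.10 is correctly treated as newer
    than 1.16.5 (a plain string comparison would get this wrong)."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    for low, high, fixed in AFFECTED:
        if low <= parsed <= high:
            return fixed
    return None


def audit_dependency_tree(lines):
    """Return (coordinate, version, fixed_version) for each affected dependency."""
    findings = []
    for line in lines:
        m = DEP_RE.search(line)
        if not m:
            continue
        group, artifact, version, _scope = m.groups()
        fixed = fixed_version_for(version)
        if fixed:
            findings.append((f"{group}:{artifact}", version, fixed))
    return findings


if __name__ == "__main__":
    for coord, version, fixed in audit_dependency_tree(SAMPLE_TREE.splitlines()):
        print(f"{coord} {version} is affected; upgrade to {fixed}")
```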