VDB
CVE-2025-8396
CVE-2025-8396
PUBLISHED
CVSS 6.900000095367432 MEDIUM
Insufficiently specific bounds checking on authorization header could lead to denial of service in the Temporal server on all platforms due to excessive memory allocation.This issue affects all platforms and versions of OSS Server prior to 1.26.3, 1.27.3, and 1.28.1 (i.e., fixed in 1.26.3, 1.27.3, and 1.28.1 and later). Temporal Cloud services are not impacted.
EPSS 0.14% · 33.1th percentile
Risk Scores
CVSS 4.0
6.900000095367432
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/S:N/AU:Y
EPSS Score
0.14%
33.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Temporal | OSS Server | 0, 1.27.0, 1.28.0 |
| go.temporal.io | server | 0, 1.27.0-126.0, 1.28.0-129.0 |
Timeline
- Sep 15, 2025 CVE Published
- Sep 16, 2025 EPSS Score
- Sep 23, 2025 EPSS Score
- Sep 30, 2025 EPSS Score
- Oct 7, 2025 EPSS Score
- Oct 14, 2025 EPSS Score
- Oct 22, 2025 EPSS Score
- Oct 29, 2025 EPSS Score
- Nov 5, 2025 EPSS Score
- Nov 10, 2025 CVE Updated
- Nov 12, 2025 EPSS Score
- Nov 19, 2025 EPSS Score