VDB

CVE-2025-8396

CVE-2025-8396 PUBLISHED CVSS 6.900000095367432 MEDIUM

Insufficiently specific bounds checking on authorization header could lead to denial of service in the Temporal server on all platforms due to excessive memory allocation.This issue affects all platforms and versions of OSS Server prior to 1.26.3, 1.27.3, and 1.28.1 (i.e., fixed in 1.26.3, 1.27.3, and 1.28.1 and later). Temporal Cloud services are not impacted.

EPSS 0.14% · 33.1th percentile

Risk Scores

CVSS 4.0
6.900000095367432
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/S:N/AU:Y
EPSS Score
0.14%
33.1th percentile

Affected Products

VendorProductVersions
TemporalOSS Server0, 1.27.0, 1.28.0
go.temporal.ioserver0, 1.27.0-126.0, 1.28.0-129.0

Timeline

  • Sep 15, 2025 CVE Published
  • Sep 16, 2025 EPSS Score
  • Sep 23, 2025 EPSS Score
  • Sep 30, 2025 EPSS Score
  • Oct 7, 2025 EPSS Score
  • Oct 14, 2025 EPSS Score
  • Oct 22, 2025 EPSS Score
  • Oct 29, 2025 EPSS Score
  • Nov 5, 2025 EPSS Score
  • Nov 10, 2025 CVE Updated
  • Nov 12, 2025 EPSS Score
  • Nov 19, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›