VDB

GO-2025-4272

GO-2025-4272 PUBLISHED

Temporal has a namespace policy bypass allowing requests to be authorized for incorrect contexts in go.temporal.io/server

Affected Products

VendorProductVersions
go.temporal.ioserver1.24.0, 1.28.0, 1.29.0

Timeline

  • Jan 12, 2026 CVE Published
  • Feb 4, 2026 CVE Updated
  • May 1, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›