GO-2026-4762 — Vulnetix

GO-2026-4762 PUBLISHED

Authorization bypass in gRPC-Go via missing leading slash in :path in google.golang.org/grpc

Affected Products

Vendor	Product	Versions
google.golang.org	grpc	0, 0

Timeline

Mar 27, 2026 CVE Published
Mar 30, 2026 CVE Updated

References

https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›