MEDIUM
Temporal Technologies, Inc.
CVE published 2026-04-10
CVE-2026-5724
The CVE record describes a vulnerability in Temporal's frontend gRPC server. The server's streaming interceptor chain did not include the authorization interceptor. This omission allowed unauthenticated access to the streaming AdminService/StreamWorkflowReplicationMessages endpoint. The endpoint, registered on the same port as WorkflowService, could not be disabled independently. An attacker with network [truncated]