PatchSiren

Temporal Technologies, Inc. CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Temporal Technologies, Inc. CVE published 2026-04-10

CVE-2026-5724

The CVE record describes a vulnerability in Temporal's frontend gRPC server. The server's streaming interceptor chain did not include the authorization interceptor. This omission allowed unauthenticated access to the streaming AdminService/StreamWorkflowReplicationMessages endpoint. The endpoint, registered on the same port as WorkflowService, could not be disabled independently. An attacker with network [truncated]