CVE-2025-8396

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-8396

Severity

Unknown

Description

Insufficiently specific bounds checking on authorization header could lead to denial of service in the Temporal server on all platforms due to excessive memory allocation.This issue affects all platforms and versions of OSS Server prior to 1.26.3, 1.27.3, and 1.28.1 (i.e., fixed in 1.26.3, 1.27.3, and 1.28.1 and later). Temporal Cloud services are not impacted.

References

https://images.chainguard.dev/security/CGA-cj3m-8j94-3mr6
https://github.com/advisories/GHSA-p768-c3pr-6459
https://images.chainguard.dev/security/CGA-8x4g-gppr-mxjc
https://github.com/temporalio/temporal/releases/tag/v1.26.3
https://github.com/temporalio/temporal/releases/tag/v1.27.3
https://github.com/temporalio/temporal/releases/tag/v1.28.1

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2025-8396

Severity

Description

References

Affected packages

Product

Solutions

Customers

Resources

Company