CVE-2026-5199

A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...

expat security update

2.0.1-13.0.1 - Prevent integer overflow in storeRawNames CVE-2022-25315Orabug: 34059442 - Add missing validation of encoding CVE-2022-25235Orabug: 34059442 - Protect against malicious namespace declarations CVE-2022-25236Orabug: 34059442...