Temporal Server: attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster

A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...

GHSA-XPG8-3HHP-P7W8 Temporal Server: attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster

A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...

CVE-2026-5199

The CVE-2026-5199 issue arises from a bug in Temporal Server v1.29.0 where a writer in an attacker-controlled namespace could signal, delete, or reset workflows/activities in a victim namespace on the same cluster. The root cause is that the batch activity validated the victim namespace ID but di...

CVE-2026-31838 Istio HTTP debug endpoints on port 15014 to enforce namespace-based authorization, preventing cross-namespace proxy data access.

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a vulnerability in Envoy RBAC header matching could allow authorization policy bypass when policies rely on HTTP headers that may contain multiple values. An attacker could craft requests...

CVE-2026-31838 Istio HTTP debug endpoints on port 15014 to enforce namespace-based authorization, preventing cross-namespace proxy data access.

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a vulnerability in Envoy RBAC header matching could allow authorization policy bypass when policies rely on HTTP headers that may contain multiple values. An attacker could craft requests...

CVE-2025-14987

When system.enableCrossNamespaceCommands is enabled on by default, the Temporal server permits certain workflow task commands e.g. StartChildWorkflowExecution, SignalExternalWorkflowExecution, RequestCancelExternalWorkflowExecution to target a different namespace than the namespace authorized at...

CVE-2025-14987

When system.enableCrossNamespaceCommands is enabled on by default, the Temporal server permits certain workflow task commands e.g. StartChildWorkflowExecution, SignalExternalWorkflowExecution, RequestCancelExternalWorkflowExecution to target a different namespace than the namespace authorized at...

CVE-2025-14987

CVE-2025-14987 : Temporal server has an Incorrect Authorization flaw when system.enableCrossNamespaceCommands is enabled (default on). The frontend validates RespondWorkflowTaskCompleted for the outer namespace, but the history service executes commands using the namespace embedded in command att...

CVE-2020-10676

In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project...