CVE-2026-5199 Cross Namespace Access via Batch Operation

A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...

ANT-2026-DJBBBBPE · temporalio/temporal · Broken Access Control

broken-access-control critical CVE-2026-5199 Severity Claude critical · Security research firm - · Maintainer - Discovered by Claude Mythos Preview REPORT The report below was sent to the maintainer and sealed at approval. ANT-2026-DJBBBBPE: Cross-namespace manipulation including deletion of...

SUSE CVE-2023-26268

Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: validatedocupdate list filter filter views using view functions as filters rewrite update This doesn't affect map/reduce or searc...

PT-2023-20577 · Apache · Apache Couchdb

Name of the Vulnerable Software and Affected Versions: Apache CouchDB versions prior to 3.2.3 Apache CouchDB versions prior to 3.3.2 Description: Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design...