VYPR

Maven package

org.springframework.grpc/spring-grpc

pkg:maven/org.springframework.grpc/spring-grpc

Vulnerabilities (2)

  • CVE-2026-40969LowApr 28, 2026
    affected < 1.0.3fixed 1.0.3

    The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the authentication failure, which may be useful for further attacks. Affected version

  • CVE-2026-40968MedApr 28, 2026
    affected < 1.0.3fixed 1.0.3

    When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. A