Auth bypass in Temporal Technologies, Inc.

CVE-2026-5199

A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow ID(s) an…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.001 (15.8th percentile) — read the EPSS interpretation.