What is CVE-2026-5724?

CVE-2026-5724 is a vulnerability in Temporal Technologies, Inc., classified under Missing Authentication for Critical Function. Published 2026-04-10.

Is CVE-2026-5724 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Temporal Technologies, Inc.

CVE-2026-5724

The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor. When a ClaimMapper and Authorizer are configured, unary RPCs enforce authentication and authorization, but the streaming AdminService/Str…

Vulnerability class: Broken Authentication

EPSS: 0.000 (11.3th percentile) — read the EPSS interpretation.

Affected products

Temporal Technologies, Inc. — versions 1.24.0

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

Public proof-of-concept exploits

tibrn/CVE-2026-5724

References

github.com/temporalio/temporal/releases/tag/v1.29.6 (patch)
github.com/temporalio/temporal/releases/tag/v1.30.4 (patch)
github.com/temporalio/temporal/releases/tag/v1.28.4 (patch)

Frequently asked questions

What is CVE-2026-5724?: CVE-2026-5724 is a vulnerability in Temporal Technologies, Inc., classified under Missing Authentication for Critical Function. Published 2026-04-10.
Is CVE-2026-5724 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.