Vulnerability Details CVE-2026-40968
When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions.
Affected versions:
Spring gRPC: 1.0.0 - 1.0.2 (fixed in 1.0.3). Older, unsupported versions are also affected.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.2%
CVSS Severity
CVSS v3 Score 4.2
Products affected by CVE-2026-40968
- cpe:2.3:a:vmware:spring_grpc:0.1.0
- cpe:2.3:a:vmware:spring_grpc:0.10.0
- cpe:2.3:a:vmware:spring_grpc:0.11.0
- cpe:2.3:a:vmware:spring_grpc:0.12.0
- cpe:2.3:a:vmware:spring_grpc:0.2.0
- cpe:2.3:a:vmware:spring_grpc:0.3.0
- cpe:2.3:a:vmware:spring_grpc:0.4.0
- cpe:2.3:a:vmware:spring_grpc:0.5.0
- cpe:2.3:a:vmware:spring_grpc:0.6.0
- cpe:2.3:a:vmware:spring_grpc:0.7.0
- cpe:2.3:a:vmware:spring_grpc:0.8.0
- cpe:2.3:a:vmware:spring_grpc:0.9.0
- cpe:2.3:a:vmware:spring_grpc:1.0.0
- cpe:2.3:a:vmware:spring_grpc:1.0.1
- cpe:2.3:a:vmware:spring_grpc:1.0.2