
cpe:2.3:a:spring:spring_grpc:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Spring (4c7a31af-cbd7-516f-b1ce-2d5f574797bc)
Product: Spring Grpc (4baaf210-b17e-55e9-8e85-88e4606eb112)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier: CVE:CVE-2026-40969
cpeApplicability: vulnerable
Submitted: 2026-06-03 15:23:35.353964
db.gcve.eu details: Spring gRPC AuthenticationException message reflected to remote client
LOW (3.7)
The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the authentication failure, which may be useful for further attacks. Affected versions: Spring gRPC: 1.0.0 - 1.0.2 (fixed in 1.0.3). Older, unsupported versions are also affected.
Published: 2026-04-28T14:54:07.360Z
Updated: 2026-04-28T17:21:36.495Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2026-40968
cpeApplicability: vulnerable
Submitted: 2026-06-03 15:23:35.351697
db.gcve.eu details: Spring gRPC SecurityContext leaks across requests on authorization failure
MEDIUM (4.3)
When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions: Spring gRPC: 1.0.0 - 1.0.2 (fixed in 1.0.3). Older, unsupported versions are also affected.
Published: 2026-04-28T13:42:35.525Z
Updated: 2026-04-28T14:36:35.953Z
Rationale: Imported from gcve-enriched-dumps CVE data
