Platform
go
Component
go.temporal.io/server
Fixed in
1.30.4
1.29.6
1.28.4
CVE-2026-5724 is an authentication bypass in the go.temporal.io/server component of Temporal. The flaw lets a caller open the replication stream without authenticating, which can expose replicated workflow data to exfiltration. Fixes were released on three release lines: 1.28.4, 1.29.6 and 1.30.4. Earlier patch levels of those lines are affected, as are releases older than 1.28, for which no patched version is listed; upgrading to the patched release for your line addresses the issue. The date on which the fix was released is not given.
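To turn the version ranges above into something you can run against a dependency manifest, here is an added Go example (not part of this advisory or of Temporal's code base). It reads a constructed go.mod, finds the go.temporal.io/server requirement and compares it against the per-line fixed versions listed on this page. Pre-releases of a fixed version are treated as unfixed and lines older than 1.28 as affected; release lines newer than 1.30 are assumed to carry the fix forward, which is an assumption of the example, not something the advisory states.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// fixedIn maps each release line listed in this advisory's "Fixed in" field to
// the first patched patch level.
var fixedIn = map[[2]int]int{
	{1, 28}: 4,
	{1, 29}: 6,
	{1, 30}: 4,
}

type version struct {
	major, minor, patch int
	pre                 bool // a pre-release tag such as "-rc.1" was present
}

// parseVersion accepts "v1.29.5" or "1.29.5", drops any pre-release or build
// suffix (remembering whether it was a pre-release) and returns the numeric
// components.
func parseVersion(s string) (version, error) {
	var v version
	s = strings.TrimPrefix(strings.TrimSpace(s), "v")
	if i := strings.IndexAny(s, "-+"); i >= 0 {
		v.pre = s[i] == '-'
		s = s[:i]
	}
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return v, fmt.Errorf("not a major.minor.patch version: %q", s)
	}
	n := make([]int, 3)
	for i, p := range parts {
		x, err := strconv.Atoi(p)
		if err != nil || x < 0 {
			return v, fmt.Errorf("bad component %q in version %q", p, s)
		}
		n[i] = x
	}
	v.major, v.minor, v.patch = n[0], n[1], n[2]
	return v, nil
}

// Affected reports whether a go.temporal.io/server version carries
// CVE-2026-5724 and, when it does, the version on the same line to move to.
// Lines older than 1.28 have no patched release listed, so they are reported
// as affected with the oldest patched line as the target. Pre-releases of a
// fixed version (e.g. v1.29.6-rc.1) are treated as not yet fixed.
func Affected(s string) (affected bool, upgradeTo string, err error) {
	v, err := parseVersion(s)
	if err != nil {
		return false, "", err
	}
	if fixedPatch, ok := fixedIn[[2]int{v.major, v.minor}]; ok {
		if v.patch > fixedPatch || (v.patch == fixedPatch && !v.pre) {
			return false, "", nil
		}
		return true, fmt.Sprintf("v%d.%d.%d", v.major, v.minor, fixedPatch), nil
	}
	if v.major < 1 || (v.major == 1 && v.minor < 28) {
		return true, "v1.28.4", nil
	}
	// Assumption: lines newer than 1.30 post-date the advisory and carry the fix.
	return false, "", nil
}

// ServerVersionFromGoMod returns the go.temporal.io/server version required by
// go.mod text, reading both single-line "require" directives and require
// blocks. It does not resolve "replace" directives; check those by hand.
func ServerVersionFromGoMod(gomod string) (string, bool) {
	const module = "go.temporal.io/server"
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		switch {
		case len(f) >= 2 && f[0] == module:
			return f[1], true
		case len(f) >= 3 && f[0] == "require" && f[1] == module:
			return f[2], true
		}
	}
	return "", false
}

// sampleGoMod is a constructed go.mod used only for this demonstration.
const sampleGoMod = `module example.com/worker

go 1.22

require (
	go.temporal.io/sdk v1.31.0
	go.temporal.io/server v1.29.5 // indirect
)
`

func main() {
	v, ok := ServerVersionFromGoMod(sampleGoMod)
	if !ok {
		fmt.Println("go.temporal.io/server is not a dependency")
		return
	}
	affected, upgradeTo, err := Affected(v)
	switch {
	case err != nil:
		fmt.Println("cannot parse version:", err)
	case affected:
		fmt.Printf("go.temporal.io/server %s is affected by CVE-2026-5724; upgrade to %s\n", v, upgradeTo)
	default:
		fmt.Printf("go.temporal.io/server %s is not affected\n", v)
	}
}
```

Replace sampleGoMod with the contents of your own go.mod to check a real project; a module pulled in through a replace directive must be checked by hand.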
An attacker with network access to the frontend port can open the replication stream without presenting any credentials. Temporal normally runs authentication and authorization checks on every RPC; this bypass sidesteps those checks for the replication stream. Exfiltrating data through the stream requires replication to be configured on the cluster, so a cluster with no replication partners exposes less, although the unauthenticated endpoint is still reachable. The impact is unauthorized access to sensitive workflow data, which can amount to a data breach and compromise the confidentiality of Temporal workflows. The blast radius is the set of vulnerable go.temporal.io/server instances whose frontend port the attacker can reach.
CVE-2026-5724 was publicly disclosed on 2026-04-10. There is no indication that it is being actively exploited, and it is not listed in CISA's KEV catalog. Its EPSS score is 0.12% (31st percentile), a low predicted probability of exploitation in the next 30 days. No public proof-of-concept code had been published at the time of writing.
Exploit Status
EPSS
0.12% (31st percentile)
CISA SSVC
The primary mitigation for CVE-2026-5724 is to upgrade to the patched release for your line: 1.28.4, 1.29.6 or 1.30.4. If an immediate upgrade is not feasible because of compatibility concerns or breaking changes, restrict network access to the frontend port so that only workers, clients and replication partner clusters can reach it. The frontend speaks gRPC, so a conventional HTTP WAF is a poor fit; a gRPC-aware proxy or ingress in front of the frontend can instead limit the /AdminService/StreamWorkflowReplicationMessages method to the addresses of known replication partners, and ideally limit the whole AdminService to administrative networks. Monitor frontend traffic for connections from untrusted sources, in particular any that open the replication stream. After upgrading, verify the fix by attempting to open the replication stream without credentials and confirming that the server rejects the call.
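As a starting point for the monitoring step, the following Go program is an added example, not code from this advisory or from Temporal. It scans newline-delimited JSON access-log lines in a constructed format (the field names ts, grpc_method and peer are assumptions; adapt them to whatever your gRPC proxy or frontend logging emits) and raises an alert for every StreamWorkflowReplicationMessages call whose peer address lies outside an allowlist of replication-partner networks. The sample log lines and the 10.20.0.0/24 and 203.0.113.0/24 ranges are constructed.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"net/netip"
	"strings"
)

// logEntry is the constructed (hypothetical) shape of one access-log line used
// by this example; map the JSON field names to what your proxy or server emits.
type logEntry struct {
	Time   string `json:"ts"`
	Method string `json:"grpc_method"`
	Peer   string `json:"peer"` // "ip:port" of the client that opened the RPC
}

// Alert records one replication-stream open from a peer that is not a known
// replication partner.
type Alert struct {
	Time   string
	Method string
	Peer   netip.Addr
}

// isReplicationStream matches the AdminService method named by the advisory,
// whether it is logged as the short path or as the full gRPC method path.
func isReplicationStream(method string) bool {
	return strings.HasSuffix(method, "AdminService/StreamWorkflowReplicationMessages")
}

func peerAllowed(addr netip.Addr, allowed []netip.Prefix) bool {
	for _, p := range allowed {
		if p.Contains(addr) {
			return true
		}
	}
	return false
}

// DetectUnexpectedReplicationStreams scans newline-delimited JSON log lines and
// returns an Alert for every StreamWorkflowReplicationMessages call whose peer
// address falls outside the allowlisted replication-partner networks. Lines
// that are not valid JSON or carry no parseable peer are counted and skipped.
func DetectUnexpectedReplicationStreams(logs string, allowed []netip.Prefix) (alerts []Alert, skipped int) {
	sc := bufio.NewScanner(strings.NewReader(logs))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		var e logEntry
		if err := json.Unmarshal([]byte(line), &e); err != nil {
			skipped++
			continue
		}
		if !isReplicationStream(e.Method) {
			continue
		}
		ap, err := netip.ParseAddrPort(e.Peer)
		if err != nil {
			skipped++
			continue
		}
		if !peerAllowed(ap.Addr(), allowed) {
			alerts = append(alerts, Alert{Time: e.Time, Method: e.Method, Peer: ap.Addr()})
		}
	}
	return alerts, skipped
}

// MustPrefixes parses CIDR strings into the allowlist of replication peers.
func MustPrefixes(cidrs ...string) []netip.Prefix {
	out := make([]netip.Prefix, 0, len(cidrs))
	for _, c := range cidrs {
		out = append(out, netip.MustParsePrefix(c))
	}
	return out
}

// SampleLogs is a constructed input: one legitimate replication partner, one
// unknown external peer opening the stream, one ordinary workflow RPC from that
// same external peer, and one corrupt line.
const SampleLogs = `
{"ts":"2026-04-11T09:00:01Z","grpc_method":"/temporal.server.api.adminservice.v1.AdminService/StreamWorkflowReplicationMessages","peer":"10.20.0.8:41322"}
{"ts":"2026-04-11T09:00:07Z","grpc_method":"/AdminService/StreamWorkflowReplicationMessages","peer":"203.0.113.7:55012"}
{"ts":"2026-04-11T09:00:09Z","grpc_method":"/temporal.api.workflowservice.v1.WorkflowService/StartWorkflowExecution","peer":"203.0.113.7:55013"}
not json at all
`

func main() {
	allowed := MustPrefixes("10.20.0.0/24", "10.21.0.0/24") // constructed partner-cluster networks
	alerts, skipped := DetectUnexpectedReplicationStreams(SampleLogs, allowed)
	for _, a := range alerts {
		fmt.Printf("ALERT %s replication stream opened from %s (%s)\n", a.Time, a.Peer, a.Method)
	}
	fmt.Printf("%d alert(s), %d line(s) skipped\n", len(alerts), skipped)
}
```

On a vulnerable server the external peer's stream open succeeds and shows up only as a log line like the second sample; on a patched server the same attempt should be rejected, but a peer outside the allowlist trying to open the stream is worth investigating either way. Ordinary WorkflowService calls from unknown addresses are deliberately not flagged here, since workers and clients legitimately make them.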
Update Temporal to a patched release (1.28.4, 1.29.6 or 1.30.4, depending on your line). Until then, treat the replication endpoint as unauthenticated: anyone with network access to the frontend port can read the replication stream. Review the replication configuration so that only intended partner clusters are configured, and protect the cluster's frontend at the network layer.
CVE-2026-5724 is an authentication bypass in go.temporal.io/server: the replication stream endpoint does not enforce authentication or authorization, allowing unauthorized access to replicated workflow data.
You are affected if you run go.temporal.io/server below 1.28.4 on the 1.28 line, below 1.29.6 on the 1.29 line, below 1.30.4 on the 1.30 line, or any release older than 1.28. Data exfiltration through the stream additionally requires replication to be configured, but the unauthenticated endpoint is present regardless.
Upgrade to the patched release for your line (1.28.4, 1.29.6 or 1.30.4). As a temporary workaround, restrict network access to the frontend port and, where a gRPC-aware proxy fronts it, limit the replication stream method to the addresses of known partner clusters.
There is currently no evidence of CVE-2026-5724 being actively exploited.
Refer to the official go.temporal.io security advisories for details and updates regarding CVE-2026-5724.