PT-2026-26207 · Google+1 · Grpc-Go+1
Mariuszmaik
Published: 2026-03-18 · Updated: 2026-06-17
CVE-2026-33186
CVSS v3.1: 9.8 (Critical)
Base vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerable Software Name and Affected Versions: gRPC-Go versions prior to 1.79.3

Description: gRPC-Go is vulnerable to an authorization bypass caused by improper input validation of the HTTP/2 :path pseudo-header. The server incorrectly routes requests whose :path header is missing the leading slash, allowing attackers to bypass authorization checks when those checks rely on path-based authorization interceptors (such as grpc/authz) with a 'deny' rule for canonical paths and a fallback 'allow' rule. An attacker can exploit this by sending raw HTTP/2 frames with malformed :path headers directly to the gRPC server. There have been reports of increased malicious actor activity targeting gRPC-Go (CVE-2026-33186).

Recommendations: Update to gRPC-Go version 1.79.3 or later. As a temporary workaround, implement a validation interceptor to reject requests with malformed paths, apply infrastructure-level normalization of the :path header, or harden authorization policies to a 'deny by default' posture.

Exploit
Fix
Weakness Enumeration
Improper Authorization
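Why the policy shape in the description fails, and how two of the listed workarounds (path validation and deny by default) close the gap, shown as an added example that is not grpc-go or grpc/authz code. The Rule type, the function names and the method paths are hypothetical and constructed for illustration; the code models only the policy decision, not HTTP/2 routing.

```go
package main

import (
	"fmt"
	"strings"
)

// Rule is a simplified exact-match policy entry (hypothetical type, not grpc/authz).
type Rule struct {
	Path  string
	Allow bool
}

// validPath reports whether p has the canonical gRPC form "/service/method".
func validPath(p string) bool {
	if !strings.HasPrefix(p, "/") {
		return false
	}
	svc, method, ok := strings.Cut(p[1:], "/")
	return ok && svc != "" && method != "" && !strings.Contains(method, "/")
}

// authorize returns the first matching rule's decision, or fallback if none match.
func authorize(rules []Rule, fallback bool, path string) bool {
	for _, r := range rules {
		if r.Path == path {
			return r.Allow
		}
	}
	return fallback
}

// hardened rejects malformed paths before any rule runs, then denies by default.
func hardened(rules []Rule, path string) bool {
	return validPath(path) && authorize(rules, false, path)
}

func main() {
	// Constructed sample policies and method names.
	weak := []Rule{{Path: "/admin.Admin/Delete", Allow: false}} // deny rule + allow fallback
	strict := []Rule{{Path: "/app.Greeter/Hello", Allow: true}} // allow-list only
	for _, p := range []string{"/admin.Admin/Delete", "admin.Admin/Delete", "/app.Greeter/Hello"} {
		fmt.Printf("%-22q weak=%-5v hardened=%v\n", p, authorize(weak, true, p), hardened(strict, p))
	}
}
```

In a real server the validPath check belongs in an interceptor that runs before the authorization interceptor, so a non-canonical path is rejected before any rule is evaluated.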
Related identifiers
ALSA-2026:19135
ALSA-2026:19353
BDU:2026-04598
CLEANSTART-2026-AC01087
CLEANSTART-2026-AD71344
CLEANSTART-2026-AE87452
CLEANSTART-2026-AM88528
CLEANSTART-2026-AP81168
CLEANSTART-2026-AP92343
CLEANSTART-2026-AP95632
CLEANSTART-2026-AQ65185
CLEANSTART-2026-AT91215
CLEANSTART-2026-AX33738
CLEANSTART-2026-BA09462
CLEANSTART-2026-BB83999
CLEANSTART-2026-BD18029
CLEANSTART-2026-BD19566
CLEANSTART-2026-BG69533
CLEANSTART-2026-BH97849
CLEANSTART-2026-BK28579
CLEANSTART-2026-BM53321
CLEANSTART-2026-BN28456
CLEANSTART-2026-BS27946
CLEANSTART-2026-BU39038
CLEANSTART-2026-BU65096
CLEANSTART-2026-BY59711
CLEANSTART-2026-CB00984
CLEANSTART-2026-CC08450
CLEANSTART-2026-CD13174
CLEANSTART-2026-CE02533
CLEANSTART-2026-CF63743
CLEANSTART-2026-CG86499
CLEANSTART-2026-CI59834
CLEANSTART-2026-CN84623
CLEANSTART-2026-CO68219
CLEANSTART-2026-CP95927
CLEANSTART-2026-CR00119
CLEANSTART-2026-CS02869
CLEANSTART-2026-CZ07385
CLEANSTART-2026-DA83816
CLEANSTART-2026-DA99134
CLEANSTART-2026-DB61851
CLEANSTART-2026-DH72490
CLEANSTART-2026-DK45320
CLEANSTART-2026-DM19620
CLEANSTART-2026-DM93480
CLEANSTART-2026-DO31246
CLEANSTART-2026-DP35743
CLEANSTART-2026-DQ17669
CLEANSTART-2026-DT92404
CLEANSTART-2026-EB74978
CLEANSTART-2026-EE52954
CLEANSTART-2026-EI06494
CLEANSTART-2026-EL10860
CLEANSTART-2026-EP10142
CLEANSTART-2026-ET12387
CLEANSTART-2026-EZ47382
CLEANSTART-2026-FB07695
CLEANSTART-2026-FH54780
CLEANSTART-2026-FK40318
CLEANSTART-2026-FO93349
CLEANSTART-2026-FR61696
CLEANSTART-2026-FR69458
CLEANSTART-2026-FR97108
CLEANSTART-2026-FU04414
CLEANSTART-2026-FV86809
CLEANSTART-2026-FZ55932
CLEANSTART-2026-GB02436
CLEANSTART-2026-GB46352
CLEANSTART-2026-GB83728
CLEANSTART-2026-GG06672
CLEANSTART-2026-GJ69402
CLEANSTART-2026-GK29346
CLEANSTART-2026-GM18965
CLEANSTART-2026-GM63718
CLEANSTART-2026-GN18755
CLEANSTART-2026-GN78570
CLEANSTART-2026-GQ00159
CLEANSTART-2026-GQ31133
CLEANSTART-2026-GR41888
CLEANSTART-2026-GU55430
CLEANSTART-2026-GW28934
CLEANSTART-2026-GX87608
CLEANSTART-2026-GY48351
CLEANSTART-2026-GZ35045
CLEANSTART-2026-HA09227
CLEANSTART-2026-HB06257
CLEANSTART-2026-HC15345
CLEANSTART-2026-HE31644
CLEANSTART-2026-HF07497
CLEANSTART-2026-HJ72983
CLEANSTART-2026-HK01840
CLEANSTART-2026-HK71313
CLEANSTART-2026-HM40094
CLEANSTART-2026-HQ88036
CLEANSTART-2026-HU33730
CLEANSTART-2026-HX97842
CLEANSTART-2026-IC68874
CLEANSTART-2026-ID24148
CLEANSTART-2026-ID81656
CLEANSTART-2026-IP72442
CLEANSTART-2026-IR69938
CLEANSTART-2026-IS19112
CLEANSTART-2026-IW23933
CLEANSTART-2026-JB52011
CLEANSTART-2026-JF28061
CLEANSTART-2026-JF61842
CLEANSTART-2026-JG61689
CLEANSTART-2026-JG72006
CLEANSTART-2026-JH93057
CLEANSTART-2026-JI10303
CLEANSTART-2026-JJ09127
CLEANSTART-2026-JK52519
CLEANSTART-2026-JK59495
CLEANSTART-2026-JQ70227
CLEANSTART-2026-JV26120
CLEANSTART-2026-JY63371
CLEANSTART-2026-KA15295
CLEANSTART-2026-KC83705
CLEANSTART-2026-KJ58915
CLEANSTART-2026-KT28044
CLEANSTART-2026-KU98579
CLEANSTART-2026-KW24478
CLEANSTART-2026-KY75084
CLEANSTART-2026-LA07853
CLEANSTART-2026-LB23787
CLEANSTART-2026-LC01167
CLEANSTART-2026-LD15132
CLEANSTART-2026-LI47669
CLEANSTART-2026-LM43244
CLEANSTART-2026-LO63022
CLEANSTART-2026-LP76319
CLEANSTART-2026-LS00044
CLEANSTART-2026-LS12576
CLEANSTART-2026-LS30652
CLEANSTART-2026-LT10352
CLEANSTART-2026-LU21824
CLEANSTART-2026-LY39171
CLEANSTART-2026-LY88807
CLEANSTART-2026-MA32024
CLEANSTART-2026-MI12470
CLEANSTART-2026-MJ07404
CLEANSTART-2026-MJ36694
CLEANSTART-2026-MJ60235
CLEANSTART-2026-ML41879
CLEANSTART-2026-MO53190
CLEANSTART-2026-MP82813
CLEANSTART-2026-MS81166
CLEANSTART-2026-MT27167
CLEANSTART-2026-MU81308
CLEANSTART-2026-MW24969
CLEANSTART-2026-MW66533
CLEANSTART-2026-MX56097
CLEANSTART-2026-NB78893
CLEANSTART-2026-NB83265
CLEANSTART-2026-NC32267
CLEANSTART-2026-NG28268
CLEANSTART-2026-NG75665
CLEANSTART-2026-NI04192
CLEANSTART-2026-NN77774
CLEANSTART-2026-NR54556
CLEANSTART-2026-NS33477
CLEANSTART-2026-NT80635
CLEANSTART-2026-NV37937
CLEANSTART-2026-NX54250
CLEANSTART-2026-NZ97711
CLEANSTART-2026-OF37807
CLEANSTART-2026-OH47925
CLEANSTART-2026-OI10284
CLEANSTART-2026-OJ21550
CLEANSTART-2026-OM95908
CLEANSTART-2026-OR40192
CLEANSTART-2026-OS42112
CLEANSTART-2026-OT38160
CLEANSTART-2026-OU18540
CLEANSTART-2026-OW78143
CLEANSTART-2026-OX06093
CLEANSTART-2026-OX51942
CLEANSTART-2026-PB32291
CLEANSTART-2026-PE63912
CLEANSTART-2026-PI36812
CLEANSTART-2026-PM06830
CLEANSTART-2026-PM81907
CLEANSTART-2026-PM88731
CLEANSTART-2026-PT56560
CLEANSTART-2026-PV93827
CLEANSTART-2026-PW57640
CLEANSTART-2026-PY36202
CLEANSTART-2026-QA19540
CLEANSTART-2026-QI02196
CLEANSTART-2026-QN98167
CLEANSTART-2026-QO29688
CLEANSTART-2026-QP84300
CLEANSTART-2026-QS87161
CLEANSTART-2026-QT95147
CLEANSTART-2026-QV77143
CLEANSTART-2026-QX43073
CLEANSTART-2026-QY63788
CLEANSTART-2026-RJ58492
CLEANSTART-2026-RR25843
CLEANSTART-2026-RS39197
CLEANSTART-2026-RU00721
CLEANSTART-2026-RX06063
CLEANSTART-2026-SA98061
CLEANSTART-2026-SF31652
CLEANSTART-2026-SH14815
CLEANSTART-2026-SN90101
CLEANSTART-2026-SO13464
CLEANSTART-2026-SQ24713
CLEANSTART-2026-SR26977
CLEANSTART-2026-SU44499
CLEANSTART-2026-SV08737
CLEANSTART-2026-SY28275
CLEANSTART-2026-TE02851
CLEANSTART-2026-TK12973
CLEANSTART-2026-TN07413
CLEANSTART-2026-TO88856
CLEANSTART-2026-TS54009
CLEANSTART-2026-TT42218
CLEANSTART-2026-UB49656
CLEANSTART-2026-UK15999
CLEANSTART-2026-UO31069
CLEANSTART-2026-UO87758
CLEANSTART-2026-UR16550
CLEANSTART-2026-UV31684
CLEANSTART-2026-UW03847
CLEANSTART-2026-UW08576
CLEANSTART-2026-UX07516
CLEANSTART-2026-UZ17701
CLEANSTART-2026-UZ79996
CLEANSTART-2026-VD70282
CLEANSTART-2026-VI42371
CLEANSTART-2026-VI68146
CLEANSTART-2026-VJ56922
CLEANSTART-2026-VL19675
CLEANSTART-2026-VN02574
CLEANSTART-2026-VS17175
CLEANSTART-2026-VT65447
CLEANSTART-2026-VU90450
CLEANSTART-2026-VZ08395
CLEANSTART-2026-VZ76006
CLEANSTART-2026-WA14162
CLEANSTART-2026-WB12909
CLEANSTART-2026-WB89098
CLEANSTART-2026-WL14185
CLEANSTART-2026-WM95952
CLEANSTART-2026-WN01990
CLEANSTART-2026-WO87803
CVE-2026-33186
GHSA-P77J-4MVH-X3M3
GO-2026-4762
OESA-2026-1866
OESA-2026-1887
OPENSUSE-SU-2026:10407-1
OPENSUSE-SU-2026:10419-1
OPENSUSE-SU-2026:10420-1
OPENSUSE-SU-2026:10432-1
OPENSUSE-SU-2026:10474-1
OPENSUSE-SU-2026:10484-1
OPENSUSE-SU-2026:10523-1
OPENSUSE-SU-2026:10601-1
OPENSUSE-SU-2026:10612-1
OPENSUSE-SU-2026:10613-1
OPENSUSE-SU-2026:10618-1
OPENSUSE-SU-2026:10631-1
OPENSUSE-SU-2026:10651-1
OPENSUSE-SU-2026:10690-1
OPENSUSE-SU-2026:10700-1
OPENSUSE-SU-2026:10731-1
OPENSUSE-SU-2026:10771-1
OPENSUSE-SU-2026:10902-1
OPENSUSE-SU-2026:10921-1
OPENSUSE-SU-2026:11015-1
OPENSUSE-SU-2026:20555-1
OPENSUSE-SU-2026:20584-1
OPENSUSE-SU-2026:20603-1
OPENSUSE-SU-2026:20620-1
OPENSUSE-SU-2026:20686-1
OPENSUSE-SU-2026:20702-1
OPENSUSE-SU-2026:20730-1
OPENSUSE-SU-2026:20752-1
OPENSUSE-SU-2026:20761-1
OPENSUSE-SU-2026:20788-1
OPENSUSE-SU-2026:20809-1
OPENSUSE-SU-2026:20815-1
OPENSUSE-SU-2026:20856-1
OPENSUSE-SU-2026:20920-1
OPENSUSE-SU-2026:20921-1
OPENSUSE-SU-2026:20924-1
OPENSUSE-SU-2026:20940-1
RHSA-2026:10107
RHSA-2026:10705
RHSA-2026:10706
RHSA-2026:18068
RHSA-2026:19135
RHSA-2026:19207
RHSA-2026:19353
RHSA-2026:19719
RHSA-2026:19720
RHSA-2026:19721
RHSA-2026:20322
RHSA-2026:20436
RHSA-2026:22450
RHSA-2026:22714
SUSE-SU-2026:1194-1
SUSE-SU-2026:1195-1
SUSE-SU-2026:1197-1
SUSE-SU-2026:1198-1
SUSE-SU-2026:1200-1
SUSE-SU-2026:1205-1
SUSE-SU-2026:1208-1
SUSE-SU-2026:1314-1
SUSE-SU-2026:1395-1
SUSE-SU-2026:1411-1
SUSE-SU-2026:1524-1
SUSE-SU-2026:1951-1
SUSE-SU-2026:2101-1
SUSE-SU-2026:21115-1
SUSE-SU-2026:21128-1
SUSE-SU-2026:21210-1
SUSE-SU-2026:21272-1
SUSE-SU-2026:21370-1
SUSE-SU-2026:21490-1
SUSE-SU-2026:21560-1
SUSE-SU-2026:21630-1
SUSE-SU-2026:21732-1
SUSE-SU-2026:21756-1
SUSE-SU-2026:21793-1
SUSE-SU-2026:21803-1
SUSE-SU-2026:21827-1
SUSE-SU-2026:21849-1
SUSE-SU-2026:21870-1
SUSE-SU-2026:21989-1
SUSE-SU-2026:22050-1
SUSE-SU-2026:22051-1
SUSE-SU-2026:22053-1
SUSE-SU-2026:22065-1
SUSE-SU-2026:22066-1
SUSE-SU-2026:22074-1
SUSE-SU-2026:22075-1
SUSE-SU-2026:22101-1
SUSE-SU-2026:22128-1
SUSE-SU-2026:2243-1
SUSE-SU-2026:2258-1
SUSE-SU-2026:2265-1
SUSE-SU-2026:2347-1
SUSE-SU-2026:2400-1
SUSE-SU-2026:2401-1
SUSE-SU-2026:2438-1
Affected products
Rocky Linux
Grpc-Go
References · 1223
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33186.json · Exploit
- https://github.com/JohannesLks/CVE-2026-33186 · Exploit
- https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 · Vendor Advisory
- https://github.com/grpc/grpc-go · Note
- https://github.com/grafana/alloy/releases · Note
- https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-DA83816.json · Note
- https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-NG28268.json · Note
- https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-IP72442.json · Note
- https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-BY59711.json · Note
- https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-VN02574.json · Note
- https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-DM93480.json · Note
- https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-OI10284.json · Note
- https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-OF37807.json · Note
- https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-DP35743.json · Note
- https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-AQ65185.json · Note