PT-2025-54225 · Temporal · Temporal

Published 2025-12-30 · Updated 2026-01-17 · CVE-2025-14987

CVSS v4.0: 5.3 (Medium)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
Name of the Vulnerable Software and Affected Versions

Temporal versions through 1.29.1

Description

When the system.enableCrossNamespaceCommands setting is enabled, the Temporal server allows specific workflow task commands (including StartChildWorkflowExecution, SignalExternalWorkflowExecution, and RequestCancelExternalWorkflowExecution) to operate on a namespace different from the one authorized at the gRPC boundary. The frontend authorizes RespondWorkflowTaskCompleted based on the outer request namespace, but the history service later resolves and executes the command using the namespace embedded in command attributes without re-authorizing the caller for that target namespace. This can potentially allow a worker authorized for one namespace to create, signal, or cancel workflows in another namespace.

Recommendations

Update to Temporal version 1.27.4 or later.
Update to Temporal version 1.28.2 or later.
Update to Temporal version 1.29.2 or later.
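
The missing check from the description, modeled as an added example (not Temporal's code and not the upstream fix): each cross-namespace command is re-authorized against the namespace in its attributes rather than relying on the check made for the outer request. The Command type, the Authorizer signature, the DeniedCommands helper, and the worker and namespace names are assumptions made for illustration.

```go
package main

import "fmt"

// Command is a simplified, hypothetical model of a workflow task command.
// It is not Temporal's protobuf type.
type Command struct {
	Type            string // command type, e.g. "StartChildWorkflowExecution"
	TargetNamespace string // namespace from the command attributes; "" = request namespace
}

// Authorizer reports whether caller may act on namespace (assumed interface).
type Authorizer func(caller, namespace string) bool

// crossNamespaceTypes holds the three command types named in the advisory.
var crossNamespaceTypes = map[string]bool{
	"StartChildWorkflowExecution":            true,
	"SignalExternalWorkflowExecution":        true,
	"RequestCancelExternalWorkflowExecution": true,
}

// DeniedCommands returns the commands that target a namespace other than the
// one authorized for the outer request and that the caller is not authorized for.
func DeniedCommands(caller, requestNS string, cmds []Command, authz Authorizer) []Command {
	var denied []Command
	for _, c := range cmds {
		target := c.TargetNamespace
		if target == "" {
			target = requestNS // model assumption: empty attribute means the request namespace
		}
		if !crossNamespaceTypes[c.Type] || target == requestNS {
			continue // already covered by the check on the outer request
		}
		if !authz(caller, target) {
			denied = append(denied, c)
		}
	}
	return denied
}

func main() {
	// Constructed policy and commands: worker-a is authorized for team-a only.
	authz := func(caller, ns string) bool { return caller == "worker-a" && ns == "team-a" }
	cmds := []Command{
		{Type: "StartChildWorkflowExecution"},
		{Type: "SignalExternalWorkflowExecution", TargetNamespace: "team-b"},
	}
	fmt.Println(DeniedCommands("worker-a", "team-a", cmds, authz))
}
```
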

Fix

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2025-14987
GHSA-HMHP-GH8M-C8XP
GO-2026-4273
SUSE-SU-2026:0142-1

Affected Products

Temporal