PT-2026-26207 · Google+1 · Grpc-Go+1

Mariuszmaik

·

Published

2026-03-18

·

Updated

2026-07-10

·

CVE-2026-33186

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: gRPC-Go versions prior to 1.79.3
Description: gRPC-Go is vulnerable to an authorization bypass due to improper input validation of the HTTP/2 :path pseudo-header. The server incorrectly routes requests with missing leading slashes in the :path header, allowing attackers to bypass authorization checks if relying on path-based authorization interceptors (like grpc/authz) with a 'deny' rule for canonical paths and a fallback 'allow' rule. An attacker can exploit this by sending raw HTTP/2 frames with malformed :path headers directly to the gRPC server. There have been reports of increased actor activities targeting gRPC-Go (CVE-2026-33186).
Recommendations: Upgrade to gRPC-Go version 1.79.3 or later. As a temporary workaround, implement a validating interceptor to reject requests with malformed paths, enforce infrastructure-level normalization of the :path header, or harden authorization policies to a 'default deny' posture.

Exploit

Fix

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

ALSA-2026:19135
ALSA-2026:19353
BDU:2026-04598
CLEANSTART-2026-AC01087
CLEANSTART-2026-AD71344
CLEANSTART-2026-AE87452
CLEANSTART-2026-AM88528
CLEANSTART-2026-AP10784
CLEANSTART-2026-AP81168
CLEANSTART-2026-AP92343
CLEANSTART-2026-AP95632
CLEANSTART-2026-AQ65185
CLEANSTART-2026-AT91215
CLEANSTART-2026-AX33738
CLEANSTART-2026-BA09462
CLEANSTART-2026-BA41349
CLEANSTART-2026-BB83999
CLEANSTART-2026-BD18029
CLEANSTART-2026-BD19566
CLEANSTART-2026-BG69533
CLEANSTART-2026-BH97849
CLEANSTART-2026-BK28579
CLEANSTART-2026-BM53321
CLEANSTART-2026-BM78291
CLEANSTART-2026-BN28456
CLEANSTART-2026-BS27946
CLEANSTART-2026-BU39038
CLEANSTART-2026-BU65096
CLEANSTART-2026-BX78383
CLEANSTART-2026-BY59711
CLEANSTART-2026-CB00984
CLEANSTART-2026-CC08450
CLEANSTART-2026-CD13174
CLEANSTART-2026-CE02533
CLEANSTART-2026-CF63743
CLEANSTART-2026-CG86499
CLEANSTART-2026-CI59834
CLEANSTART-2026-CN27900
CLEANSTART-2026-CN84623
CLEANSTART-2026-CO68219
CLEANSTART-2026-CP95927
CLEANSTART-2026-CR00119
CLEANSTART-2026-CS02869
CLEANSTART-2026-CZ07385
CLEANSTART-2026-DA83816
CLEANSTART-2026-DA99134
CLEANSTART-2026-DB61851
CLEANSTART-2026-DH72490
CLEANSTART-2026-DK45320
CLEANSTART-2026-DM19620
CLEANSTART-2026-DM93480
CLEANSTART-2026-DO31246
CLEANSTART-2026-DP35743
CLEANSTART-2026-DQ17669
CLEANSTART-2026-DT92404
CLEANSTART-2026-DX24417
CLEANSTART-2026-EA12165
CLEANSTART-2026-EB74978
CLEANSTART-2026-EE52954
CLEANSTART-2026-EI06494
CLEANSTART-2026-EL10860
CLEANSTART-2026-EL22377
CLEANSTART-2026-EM89202
CLEANSTART-2026-EP10142
CLEANSTART-2026-ET12387
CLEANSTART-2026-EZ47382
CLEANSTART-2026-FB07695
CLEANSTART-2026-FH54780
CLEANSTART-2026-FK40318
CLEANSTART-2026-FO93349
CLEANSTART-2026-FR61696
CLEANSTART-2026-FR69458
CLEANSTART-2026-FR97108
CLEANSTART-2026-FU04414
CLEANSTART-2026-FV86809
CLEANSTART-2026-FZ55932
CLEANSTART-2026-GB02436
CLEANSTART-2026-GB46352
CLEANSTART-2026-GB83728
CLEANSTART-2026-GG06672
CLEANSTART-2026-GJ69402
CLEANSTART-2026-GK29346
CLEANSTART-2026-GM18965
CLEANSTART-2026-GM63718
CLEANSTART-2026-GN18755
CLEANSTART-2026-GN78570
CLEANSTART-2026-GQ00159
CLEANSTART-2026-GQ31133
CLEANSTART-2026-GR41888
CLEANSTART-2026-GU55430
CLEANSTART-2026-GW28934
CLEANSTART-2026-GX87608
CLEANSTART-2026-GY48351
CLEANSTART-2026-GZ11549
CLEANSTART-2026-GZ35045
CLEANSTART-2026-HA09227
CLEANSTART-2026-HB06257
CLEANSTART-2026-HC15345
CLEANSTART-2026-HE31644
CLEANSTART-2026-HF07497
CLEANSTART-2026-HJ72983
CLEANSTART-2026-HK01840
CLEANSTART-2026-HK71313
CLEANSTART-2026-HM40094
CLEANSTART-2026-HO16255
CLEANSTART-2026-HQ88036
CLEANSTART-2026-HU33730
CLEANSTART-2026-HX97842
CLEANSTART-2026-IC68874
CLEANSTART-2026-ID24148
CLEANSTART-2026-ID81656
CLEANSTART-2026-IH16568
CLEANSTART-2026-IN26303
CLEANSTART-2026-IP72442
CLEANSTART-2026-IR69938
CLEANSTART-2026-IS19112
CLEANSTART-2026-IW23933
CLEANSTART-2026-JB52011
CLEANSTART-2026-JF28061
CLEANSTART-2026-JF61842
CLEANSTART-2026-JG61689
CLEANSTART-2026-JG72006
CLEANSTART-2026-JH93057
CLEANSTART-2026-JI10303
CLEANSTART-2026-JJ09127
CLEANSTART-2026-JK52519
CLEANSTART-2026-JK59495
CLEANSTART-2026-JL47330
CLEANSTART-2026-JQ70227
CLEANSTART-2026-JV06428
CLEANSTART-2026-JV26120
CLEANSTART-2026-JY63371
CLEANSTART-2026-JY65496
CLEANSTART-2026-KA15295
CLEANSTART-2026-KC83705
CLEANSTART-2026-KJ58915
CLEANSTART-2026-KJ72865
CLEANSTART-2026-KT28044
CLEANSTART-2026-KU98579
CLEANSTART-2026-KW24478
CLEANSTART-2026-KY75084
CLEANSTART-2026-KZ96078
CLEANSTART-2026-LA07853
CLEANSTART-2026-LB23787
CLEANSTART-2026-LC01167
CLEANSTART-2026-LD15132
CLEANSTART-2026-LI47669
CLEANSTART-2026-LM43244
CLEANSTART-2026-LO63022
CLEANSTART-2026-LP76319
CLEANSTART-2026-LS00044
CLEANSTART-2026-LS12576
CLEANSTART-2026-LS30652
CLEANSTART-2026-LT10352
CLEANSTART-2026-LU21824
CLEANSTART-2026-LY39171
CLEANSTART-2026-LY88807
CLEANSTART-2026-MA32024
CLEANSTART-2026-MI12470
CLEANSTART-2026-MJ07404
CLEANSTART-2026-MJ36694
CLEANSTART-2026-MJ60235
CLEANSTART-2026-ML41879
CLEANSTART-2026-MO53190
CLEANSTART-2026-MP82813
CLEANSTART-2026-MR08661
CLEANSTART-2026-MS81166
CLEANSTART-2026-MT27167
CLEANSTART-2026-MU81308
CLEANSTART-2026-MW09143
CLEANSTART-2026-MW24969
CLEANSTART-2026-MW66533
CLEANSTART-2026-MX56097
CLEANSTART-2026-MZ00063
CLEANSTART-2026-NB78893
CLEANSTART-2026-NB83265
CLEANSTART-2026-NC32267
CLEANSTART-2026-NG28268
CLEANSTART-2026-NG75665
CLEANSTART-2026-NI04192
CLEANSTART-2026-NN77774
CLEANSTART-2026-NR54556
CLEANSTART-2026-NS33477
CLEANSTART-2026-NT80635
CLEANSTART-2026-NU38786
CLEANSTART-2026-NV37937
CLEANSTART-2026-NX54250
CLEANSTART-2026-NZ97711
CLEANSTART-2026-OF37807
CLEANSTART-2026-OH47925
CLEANSTART-2026-OI10284
CLEANSTART-2026-OJ21550
CLEANSTART-2026-OM95908
CLEANSTART-2026-OR40192
CLEANSTART-2026-OS42112
CLEANSTART-2026-OT38160
CLEANSTART-2026-OU18540
CLEANSTART-2026-OW78143
CLEANSTART-2026-OX06093
CLEANSTART-2026-OX51942
CLEANSTART-2026-PB32291
CLEANSTART-2026-PD78752
CLEANSTART-2026-PE63912
CLEANSTART-2026-PI36812
CLEANSTART-2026-PM06830
CLEANSTART-2026-PM81907
CLEANSTART-2026-PM88731
CLEANSTART-2026-PT56560
CLEANSTART-2026-PV93827
CLEANSTART-2026-PW57640
CLEANSTART-2026-PY36202
CLEANSTART-2026-QA19540
CLEANSTART-2026-QI02196
CLEANSTART-2026-QN98167
CLEANSTART-2026-QO29688
CLEANSTART-2026-QP84300
CLEANSTART-2026-QS87161
CLEANSTART-2026-QT95147
CLEANSTART-2026-QU83011
CLEANSTART-2026-QV77143
CLEANSTART-2026-QX43073
CLEANSTART-2026-QY63788
CLEANSTART-2026-RE02723
CLEANSTART-2026-RJ58492
CLEANSTART-2026-RQ86436
CLEANSTART-2026-RR25843
CLEANSTART-2026-RS39197
CLEANSTART-2026-RU00721
CLEANSTART-2026-RX06063
CLEANSTART-2026-SA98061
CLEANSTART-2026-SF31652
CLEANSTART-2026-SH14815
CLEANSTART-2026-SN90101
CLEANSTART-2026-SO13464
CLEANSTART-2026-SQ24713
CLEANSTART-2026-SQ76279
CLEANSTART-2026-SR26977
CLEANSTART-2026-SU44499
CLEANSTART-2026-SV08737
CLEANSTART-2026-SW10568
CLEANSTART-2026-SY28275
CLEANSTART-2026-SY48547
CLEANSTART-2026-TE02851
CLEANSTART-2026-TK12973
CLEANSTART-2026-TN07413
CLEANSTART-2026-TO88856
CLEANSTART-2026-TS54009
CLEANSTART-2026-TT42218
CLEANSTART-2026-UB49656
CLEANSTART-2026-UC73978
CLEANSTART-2026-UK15999
CLEANSTART-2026-UO31069
CLEANSTART-2026-UO87758
CLEANSTART-2026-UR16550
CLEANSTART-2026-UV31684
CLEANSTART-2026-UW03847
CLEANSTART-2026-UW08576
CLEANSTART-2026-UX07516
CLEANSTART-2026-UZ17701
CLEANSTART-2026-UZ79996
CLEANSTART-2026-VD47610
CLEANSTART-2026-VD70282
CLEANSTART-2026-VI42371
CLEANSTART-2026-VI68146
CLEANSTART-2026-VJ56922
CLEANSTART-2026-VL19675
CLEANSTART-2026-VN02574
CLEANSTART-2026-VO11205
CLEANSTART-2026-VS17175
CLEANSTART-2026-VT65447
CLEANSTART-2026-VU90450
CLEANSTART-2026-VZ08395
CLEANSTART-2026-VZ76006
CLEANSTART-2026-WA14162
CLEANSTART-2026-WB12909
CLEANSTART-2026-WB89098
CLEANSTART-2026-WF25734
CLEANSTART-2026-WL14185
CLEANSTART-2026-WM95952
CLEANSTART-2026-WN01990
CLEANSTART-2026-WO87803
CLEANSTART-2026-WS58809
CLEANSTART-2026-WS85269
CLEANSTART-2026-WT35868
CLEANSTART-2026-WU90227
CLEANSTART-2026-WV75091
CLEANSTART-2026-WW41817
CLEANSTART-2026-WY13161
CLEANSTART-2026-WZ18491
CLEANSTART-2026-XB51326
CLEANSTART-2026-XC13942
CLEANSTART-2026-XE07245
CLEANSTART-2026-XI96186
CLEANSTART-2026-XJ06210
CLEANSTART-2026-XK75621
CLEANSTART-2026-XN15507
CLEANSTART-2026-XO18404
CLEANSTART-2026-XQ84127
CLEANSTART-2026-XU81487
CLEANSTART-2026-YA34975
CLEANSTART-2026-YB55927
CLEANSTART-2026-YF74364
CLEANSTART-2026-YG63570
CLEANSTART-2026-YG71543
CLEANSTART-2026-YG75447
CLEANSTART-2026-YH23797
CLEANSTART-2026-YK91867
CLEANSTART-2026-YL47233
CLEANSTART-2026-YM45607
CLEANSTART-2026-YM63226
CLEANSTART-2026-YP16651
CLEANSTART-2026-YR07499
CLEANSTART-2026-YV44838
CLEANSTART-2026-YW98740
CLEANSTART-2026-YY48565
CLEANSTART-2026-YY57430
CLEANSTART-2026-YY85909
CLEANSTART-2026-YZ90223
CLEANSTART-2026-ZD19143
CLEANSTART-2026-ZD29280
CLEANSTART-2026-ZI02697
CLEANSTART-2026-ZK33776
CLEANSTART-2026-ZM74354
CLEANSTART-2026-ZN45188
CLEANSTART-2026-ZQ16088
CLEANSTART-2026-ZR76960
CLEANSTART-2026-ZU09124
CLEANSTART-2026-ZU10048
CLEANSTART-2026-ZU36487
CLEANSTART-2026-ZW09225
CLEANSTART-2026-ZW38648
CVE-2026-33186
GHSA-P77J-4MVH-X3M3
GO-2026-4762
OESA-2026-1866
OESA-2026-1887
OPENSUSE-RU-2026:21160-1
OPENSUSE-SU-2026:10407-1
OPENSUSE-SU-2026:10419-1
OPENSUSE-SU-2026:10420-1
OPENSUSE-SU-2026:10432-1
OPENSUSE-SU-2026:10474-1
OPENSUSE-SU-2026:10484-1
OPENSUSE-SU-2026:10523-1
OPENSUSE-SU-2026:10601-1
OPENSUSE-SU-2026:10612-1
OPENSUSE-SU-2026:10613-1
OPENSUSE-SU-2026:10618-1
OPENSUSE-SU-2026:10631-1
OPENSUSE-SU-2026:10651-1
OPENSUSE-SU-2026:10690-1
OPENSUSE-SU-2026:10700-1
OPENSUSE-SU-2026:10731-1
OPENSUSE-SU-2026:10771-1
OPENSUSE-SU-2026:10902-1
OPENSUSE-SU-2026:10921-1
OPENSUSE-SU-2026:11015-1
OPENSUSE-SU-2026:11057-1
OPENSUSE-SU-2026:11075-1
OPENSUSE-SU-2026:11091-1
OPENSUSE-SU-2026:11107-1
OPENSUSE-SU-2026:11126-1
OPENSUSE-SU-2026:11150-1
OPENSUSE-SU-2026:11153-1
OPENSUSE-SU-2026:20555-1
OPENSUSE-SU-2026:20584-1
OPENSUSE-SU-2026:20603-1
OPENSUSE-SU-2026:20620-1
OPENSUSE-SU-2026:20686-1
OPENSUSE-SU-2026:20702-1
OPENSUSE-SU-2026:20730-1
OPENSUSE-SU-2026:20752-1
OPENSUSE-SU-2026:20761-1
OPENSUSE-SU-2026:20788-1
OPENSUSE-SU-2026:20809-1
OPENSUSE-SU-2026:20815-1
OPENSUSE-SU-2026:20856-1
OPENSUSE-SU-2026:20920-1
OPENSUSE-SU-2026:20921-1
OPENSUSE-SU-2026:20924-1
OPENSUSE-SU-2026:20940-1
OPENSUSE-SU-2026:20969-1
OPENSUSE-SU-2026:21010-1
OPENSUSE-SU-2026:21069-1
OPENSUSE-SU-2026:21205-1
OPENSUSE-SU-2026:21210-1
OPENSUSE-SU-2026:21213-1
OPENSUSE-SU-2026:21265-1
RHSA-2026:10107
RHSA-2026:10705
RHSA-2026:10706
RHSA-2026:18068
RHSA-2026:19135
RHSA-2026:19207
RHSA-2026:19353
RHSA-2026:19719
RHSA-2026:19720
RHSA-2026:19721
RHSA-2026:20322
RHSA-2026:20436
RHSA-2026:22450
RHSA-2026:22714
RHSA-2026:22937
RHSA-2026:23228
RHSA-2026:26997
RHSA-2026:26999
RHSA-2026:27712
RHSA-2026:27856
RHSA-2026:29079
RHSA-2026:34097
RHSA-2026:36796
SUSE-SU-2026:1194-1
SUSE-SU-2026:1195-1
SUSE-SU-2026:1197-1
SUSE-SU-2026:1198-1
SUSE-SU-2026:1200-1
SUSE-SU-2026:1205-1
SUSE-SU-2026:1208-1
SUSE-SU-2026:1314-1
SUSE-SU-2026:1395-1
SUSE-SU-2026:1411-1
SUSE-SU-2026:1524-1
SUSE-SU-2026:1951-1
SUSE-SU-2026:2101-1
SUSE-SU-2026:21115-1
SUSE-SU-2026:21128-1
SUSE-SU-2026:21210-1
SUSE-SU-2026:21272-1
SUSE-SU-2026:21370-1
SUSE-SU-2026:21490-1
SUSE-SU-2026:21560-1
SUSE-SU-2026:21630-1
SUSE-SU-2026:21732-1
SUSE-SU-2026:21756-1
SUSE-SU-2026:21793-1
SUSE-SU-2026:21803-1
SUSE-SU-2026:21827-1
SUSE-SU-2026:21849-1
SUSE-SU-2026:21870-1
SUSE-SU-2026:21989-1
SUSE-SU-2026:22050-1
SUSE-SU-2026:22051-1
SUSE-SU-2026:22053-1
SUSE-SU-2026:22065-1
SUSE-SU-2026:22066-1
SUSE-SU-2026:22074-1
SUSE-SU-2026:22075-1
SUSE-SU-2026:22101-1
SUSE-SU-2026:22128-1
SUSE-SU-2026:22133-1
SUSE-SU-2026:22141-1
SUSE-SU-2026:22242-1
SUSE-SU-2026:22249-1
SUSE-SU-2026:22328-1
SUSE-SU-2026:22376-1
SUSE-SU-2026:22423-1
SUSE-SU-2026:2243-1
SUSE-SU-2026:22442-1
SUSE-SU-2026:2258-1
SUSE-SU-2026:2265-1
SUSE-SU-2026:2347-1
SUSE-SU-2026:2400-1
SUSE-SU-2026:2401-1
SUSE-SU-2026:2438-1
SUSE-SU-2026:2466-1
SUSE-SU-2026:2493-1
SUSE-SU-2026:2581-1
SUSE-SU-2026:2609-1
SUSE-SU-2026:2611-1
SUSE-SU-2026:2612-1
SUSE-SU-2026:2639-1
SUSE-SU-2026:2640-1
SUSE-SU-2026:2665-1

Affected Products

Rocky Linux
Grpc-Go