PT-2026-35740 · Vmware · Spring Grpc
Published: 2026-04-28 · Updated: 2026-04-28 · CVE-2026-40969
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Spring gRPC versions prior to 1.0.3
Description
Server-side AuthenticationException raw messages are returned to unauthenticated remote callers within the gRPC status description. This information disclosure allows an attacker to obtain specific details regarding authentication failures, which can be leveraged to facilitate further attacks.
Recommendations
Update to version 1.0.3.
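The weakness class described above, shown as an added example that is not Spring gRPC's own code or its 1.0.3 patch: one mapping copies the exception message into the gRPC status description, the other returns a constant description and keeps the detail in the server log. The class name, method names, reference-id scheme and sample messages are assumptions made for illustration; it needs grpc-api and spring-security-core on the classpath.

```java
import io.grpc.Status;
import java.util.List;
import java.util.UUID;
import java.util.logging.Logger;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.AuthenticationException;

public class AuthStatusMapping {
    private static final Logger LOG = Logger.getLogger(AuthStatusMapping.class.getName());
    // Fixed text sent to callers; identical for every failure cause.
    static final String PUBLIC_DESCRIPTION = "Authentication failed";

    // Pattern described in the advisory: the raw exception message becomes
    // the status description that an unauthenticated caller receives.
    static Status leakyStatus(AuthenticationException e) {
        return Status.UNAUTHENTICATED.withDescription(e.getMessage());
    }

    // Hardened mapping: constant description plus an opaque reference id.
    // The detail stays in the server log, with CR/LF stripped because the
    // message can contain caller-supplied values such as a username.
    static Status hardenedStatus(AuthenticationException e) {
        String ref = UUID.randomUUID().toString();
        String detail = String.valueOf(e.getMessage()).replaceAll("[\\r\\n]", "_");
        LOG.warning("auth failure ref=" + ref + " type="
                + e.getClass().getSimpleName() + " detail=" + detail);
        return Status.UNAUTHENTICATED.withDescription(PUBLIC_DESCRIPTION + " (ref " + ref + ")");
    }

    public static void main(String[] args) {
        // Constructed sample failures; the messages are illustrative only.
        List<AuthenticationException> samples = List.of(
                new BadCredentialsException("Bad password for user 'alice'"),
                new LockedException("Account 'bob' is locked"));
        for (AuthenticationException e : samples) {
            Status leaky = leakyStatus(e);
            Status hardened = hardenedStatus(e);
            System.out.println("leaky:    " + leaky.getCode() + " / " + leaky.getDescription());
            System.out.println("hardened: " + hardened.getCode() + " / " + hardened.getDescription());
            // The hardened description must not carry the exception text.
            if (hardened.getDescription().contains(e.getMessage())) {
                throw new IllegalStateException("exception text leaked to caller");
            }
        }
    }
}
```

The same containment check in `main` can be reused as a regression test against a service's own unauthenticated responses after upgrading.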
Fix
Generation of Error Message Containing Sensitive Information
Affected Products
Spring Grpc