PT-2026-41018 · Gradient · Gradient

·

CVE-2026-44592

·

Published

2026-05-14

·

Updated

2026-05-14

CVSS v3.1

9.4

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Name of the Vulnerable Software and Affected Versions Gradient versions prior to 1.1.1
Description When the GRADIENT DISCOVERABLE variable is set to true, an unauthenticated user can register as a worker by sending a new worker UUID to the /proto endpoint. This allows the user to obtain a session with PeerAuth::Open permissions, enabling them to view jobs from all organizations and upload arbitrary store paths into nar storage and the cached path table using NarPush or NarUploaded functions.
Recommendations Update to version 1.1.1. Set the GRADIENT DISCOVERABLE variable to false to prevent unauthorized worker registration.

Exploit

Fix

Insufficient Verification of Data Authenticity

Missing Authorization

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-44592
GHSA-49W6-GF3P-96M2

Affected Products

Gradient