CVE-2026-40968 - Spring gRPC SecurityContext leaks across requests on authorization failure
CVE ID :CVE-2026-40968 Published : April 28, 2026, 1:42 p.m. | 50 minutes ago Description :When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] OpenClaw Multi-Tenancy: Why a VM Per User Does Not Scale (and What Does)
- [CYBER] Be honest: How much of "Claude Mythos" is just hype?
- [CYBER] A crypto coalition releases technical proposal to save Aave users from a massive token exploit
- [CYBER] Medtronic Confirms Data Breach After ShinyHunters Claims
- [CYBER] Securing the git push pipeline: Responding to a critical remote code execution vulnerability
- [CYBER] i need help with this pltw 3.4.1 cyber security project asap please help so i dont fail :(