Description
A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow ID(s) and, for signal operations, signal names. This was due to a bug introduced in Temporal Server v1.29.0 which inadvertently allowed an attacker to control the namespace name value instead of using the server's own trusted name value within the batch activity code. The batch activity validated the namespace ID but did not cross-check the namespace name against the worker's bound namespace, allowing the per-namespace worker's privileged credentials to operate on an arbitrary namespace. Exploitation requires a server configuration where internal components have cross-namespace authorization, such as deployment of the internal-frontend service or equivalent TLS-based authorization for internal identities. This vulnerability also impacted Temporal Cloud when the attacker and victim namespaces were on the same cell, with the same preconditions as self-hosted clusters.
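As an added illustration (not Temporal's code and not the vendor's patch; the `Namespace`, `BatchRequest` types and the two `resolveNamespace*` functions are hypothetical), the Go snippet below contrasts an ID-only namespace check, which lets a caller-supplied name flow on to the privileged per-namespace worker, with a check that also compares the name against the worker's bound namespace and returns only the server's trusted name:

```go
package main

import (
	"errors"
	"fmt"
)

// Namespace holds the identity the server resolves from its own registry
// for the per-namespace worker (a constructed type, not Temporal's).
type Namespace struct {
	ID   string
	Name string
}

// BatchRequest carries the caller-supplied namespace fields of a batch
// operation (hypothetical shape for illustration).
type BatchRequest struct {
	NamespaceID   string
	NamespaceName string
}

var ErrNamespaceMismatch = errors.New("batch request does not match the worker's bound namespace")
// resolveNamespaceVulnerable illustrates the flaw class in the advisory:
// only the namespace ID is compared, and the caller-controlled name is
// handed onward to the privileged per-namespace worker.
func resolveNamespaceVulnerable(bound Namespace, req BatchRequest) (string, error) {
	if req.NamespaceID != bound.ID {
		return "", ErrNamespaceMismatch
	}
	return req.NamespaceName, nil
}

// resolveNamespaceFixed cross-checks both the ID and the name against the
// bound namespace and returns the server's trusted name, never the caller's.
func resolveNamespaceFixed(bound Namespace, req BatchRequest) (string, error) {
	if req.NamespaceID != bound.ID || req.NamespaceName != bound.Name {
		return "", ErrNamespaceMismatch
	}
	return bound.Name, nil
}

func main() {
	bound := Namespace{ID: "ns-id-0001", Name: "attacker-ns"} // constructed values
	forged := BatchRequest{NamespaceID: bound.ID, NamespaceName: "victim-ns"}
	name, err := resolveNamespaceVulnerable(bound, forged)
	fmt.Printf("vulnerable: name=%q err=%v\n", name, err) // victim-ns flows through
	name, err = resolveNamespaceFixed(bound, forged)
	fmt.Printf("fixed:      name=%q err=%v\n", name, err) // rejected
}
```

The same cross-check applies wherever a privileged internal identity is about to act on behalf of a request: every caller-controlled identifier must be reconciled with the identity the server itself bound to the worker, not just one of them.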
Published: 2026-04-01
Score: 2.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑namespace privilege escalation and disruption
Action: Patch Immediately
AI Analysis

Impact

A flaw in Temporal Server allows an attacker who has writer privileges in one namespace to supply a forged namespace name to a batch operation. The batch activity validated only the namespace ID, not the trusted server‑derived name, allowing it to act on any namespace in the cluster. With this access, the malicious user can signal, delete, or reset any workflow or activity that belongs to another namespace, giving them the ability to disrupt services, tamper with data, or deny service to affected users.

Affected Systems

Temporal Technologies’ Temporal Server, from v1.29.0 up to but not including the patched releases v1.29.5 and v1.30.3. Both self‑hosted clusters and Temporal Cloud installations where the attacker and victim namespaces share the same cell are susceptible.

Risk and Exploitability

The CVSS score of 2.3 rates this as a low‑severity issue, and no EPSS data or KEV listing is available. Exploitation requires the attacker to know or guess specific workflow identifiers and, for signal operations, the signal names, in addition to having an environment that enables internal cross‑namespace authorization such as an internal‑frontend service or TLS‑based internal identities. Because these conditions must be met and the vulnerability affects only privileged namespace users, the likelihood of widespread exploitation is modest, though it remains a serious concern for configurations that share a cluster across namespaces.

Generated by OpenCVE AI on April 2, 2026 at 04:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Temporal Server to v1.29.5 or newer, including v1.30.3, to apply the vendor patch
  • Validate that internal‑frontend or equivalent TLS‑based internal services are not enabled or are correctly restricted so that namespace names cannot be forged
  • If an upgrade cannot be performed immediately, isolate or restrict writer role access for the affected namespaces and monitor logs for unauthorized signal, delete, or reset operations
  • Review cluster configuration to ensure strict namespace validation and that internal components cannot impersonate other namespaces



Advisories

Source: GitHub GHSA
ID: GHSA-xpg8-3hhp-p7w8
Title: Temporal Server: attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster
History

Thu, 02 Apr 2026 20:30:00 +0000

Values added:
  First Time appeared: Temporal (temporal)
  Vendors & Products: Temporal (temporal)

Wed, 01 Apr 2026 23:45:00 +0000

Values added:
  Description: as given at the top of this page
  Title: Cross Namespace Access via Batch Operation
  Weaknesses: CWE-639
  References:
  Metrics:
    cvssV4_0: {'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L/S:N/AU:Y/R:U/RE:M'}
    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: Temporal

Published:

Updated: 2026-04-01T18:24:50.983Z

Reserved: 2026-03-30T23:48:01.861Z

Link: CVE-2026-5199

Vulnrichment

Updated: 2026-04-01T18:24:45.717Z

NVD

Status: Awaiting Analysis

Published: 2026-04-01T18:16:31.703

Modified: 2026-04-03T16:10:52.680

Link: CVE-2026-5199

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T20:16:55Z