Description
The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the authentication failure, which may be useful for further attacks. Affected versions: Spring gRPC: 1.0.0 - 1.0.2 (fixed in 1.0.3). Older, unsupported versions are also affected.
INFO
Published Date :
2026-04-28T14:54:07.360Z
Last Modified :
2026-04-28T17:21:36.495Z
Source :
vmware
AFFECTED PRODUCTS
The following products are affected by CVE-2026-40969 vulnerability.
| Vendors | Products |
|---|---|
| Spring |
|
| Vmware |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2026-40969.
| URL | Resource |
|---|---|
| https://spring.io/security/cve-2026-40969 |
|
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact