CVE-2026-33186 | CRITICAL | CVSS 9.1 | fixed in 1.79.3 | 2026-03-20
CVE-2026-33186 [CRITICAL] CWE-285
gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `
cvelistv5, nvd