CVE-2026-5199 Overview
A cross-namespace authorization bypass vulnerability exists in Temporal Server that allows a writer role user in an attacker-controlled namespace to signal, delete, and reset workflows or activities in a victim namespace on the same cluster. This vulnerability was introduced in Temporal Server v1.29.0 due to a bug that inadvertently allowed an attacker to control the namespace name value instead of using the server's own trusted name value within the batch activity code.
Critical Impact
Attackers with writer privileges can manipulate workflows across namespace boundaries, potentially disrupting critical business processes, deleting important workflow data, or resetting workflow states in victim namespaces.
Affected Products
- Temporal Server v1.29.0 through v1.29.4
- Temporal Server v1.30.0 through v1.30.2
- Temporal Cloud (when attacker and victim namespaces are on the same cell)
Discovery Timeline
- 2026-04-01 - CVE CVE-2026-5199 published to NVD
- 2026-04-01 - Last updated in NVD database
Technical Details for CVE-2026-5199
Vulnerability Analysis
This authorization bypass vulnerability (CWE-639: Authorization Bypass Through User-Controlled Key) allows authenticated users with writer role privileges to perform unauthorized operations across namespace boundaries. The flaw resides in how the batch activity code handles namespace validation, where it validates the namespace ID but fails to cross-check the namespace name against the worker's bound namespace.
The vulnerability requires specific preconditions for successful exploitation: the attacker must have writer role access to at least one namespace, know or guess specific victim workflow IDs, and for signal operations, must also know the signal names. Additionally, the server configuration must allow internal components to have cross-namespace authorization, such as when the internal-frontend service is deployed or when TLS-based authorization for internal identities is configured.
The per-namespace worker's privileged credentials can be leveraged to operate on arbitrary namespaces when these conditions are met, effectively bypassing the intended namespace isolation security model.
Root Cause
The root cause is a failure to properly validate namespace authorization within the batch activity code path. When processing batch operations, the system validates the namespace ID from the request but uses an attacker-controlled namespace name value instead of the server's trusted name value. This allows the per-namespace worker's privileged credentials—which should only operate within their bound namespace—to be misused for operations on arbitrary namespaces. The vulnerability stems from an incomplete trust boundary validation introduced in version v1.29.0.
Attack Vector
The attack is network-based and requires low privileges (writer role in any namespace on the cluster). An attacker must craft malicious batch operation requests that specify a victim namespace name while leveraging their legitimate namespace's worker credentials. The attack flow involves:
- Attacker gains writer role access to a namespace on the target Temporal cluster
- Attacker identifies or guesses workflow IDs in the victim namespace
- Attacker constructs batch activity requests that exploit the namespace name validation flaw
- The batch activity validates the namespace ID but accepts the attacker-controlled namespace name
- The per-namespace worker executes privileged operations (signal, delete, reset) on the victim namespace
The exploitation complexity is high due to the requirement of knowing specific victim workflow IDs and the need for cross-namespace authorization to be enabled in the server configuration.
Detection Methods for CVE-2026-5199
Indicators of Compromise
- Batch operations targeting workflows in namespaces different from the originating worker's bound namespace
- Unexpected workflow deletions, resets, or signal operations across namespace boundaries
- Audit logs showing writer role users accessing workflows they don't own
- Anomalous batch activity patterns from users with limited namespace access
Detection Strategies
- Enable comprehensive audit logging for all batch operations including namespace context
- Monitor for cross-namespace activity patterns where the source and target namespaces differ
- Implement alerts for batch operations that affect multiple namespaces from a single user session
- Review internal-frontend service logs for unusual cross-namespace authorization patterns
Monitoring Recommendations
- Configure real-time alerting on workflow deletion and reset operations
- Establish baseline metrics for normal batch operation patterns per namespace
- Monitor for reconnaissance activity such as repeated failed workflow access attempts
- Implement anomaly detection for signal operations targeting unknown workflow IDs
How to Mitigate CVE-2026-5199
Immediate Actions Required
- Upgrade Temporal Server to v1.29.5 or v1.30.3 immediately
- Review audit logs for any suspicious cross-namespace batch operations
- Audit writer role assignments and apply principle of least privilege
- Consider temporarily restricting batch operations if upgrade is not immediately possible
Patch Information
Temporal has released security patches addressing this vulnerability:
- Temporal Server v1.29.5 - Backport fix for v1.29.x branch
- Temporal Server v1.30.3 - Fix for v1.30.x branch
Organizations running Temporal Cloud should note that the same vulnerability affected cloud deployments when attacker and victim namespaces were on the same cell; Temporal has addressed this in their cloud infrastructure.
Workarounds
- Restrict cross-namespace authorization by limiting internal-frontend service deployment where possible
- Implement network segmentation to isolate sensitive namespaces
- Apply strict role-based access controls to minimize writer role assignments
- Enable enhanced audit logging to detect potential exploitation attempts while awaiting patching
# Configuration example
# Verify current Temporal Server version
temporal server version
# Upgrade to patched version (example using Docker)
docker pull temporalio/server:1.30.3
# Review namespace permissions
tctl namespace describe --namespace <namespace_name>
# Enable enhanced audit logging
# Add to temporal server configuration
# log:
# level: info
# audit:
# enabled: true
# operations: ["batch", "workflow-delete", "workflow-reset", "signal"]
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
