ANT-2026-DJBBBBPE · temporalio/temporal

broken-access-control critical

CVE-2026-5199

Severity Claude critical · Security research firm - · Maintainer -

Discovered by Claude Mythos Preview

REPORT

The report below was sent to the maintainer and sealed at approval.

ANT-2026-DJBBBBPE: Cross-namespace manipulation (including deletion) of workflows on the same cluster

Workflows can be manipulated or deleted across namespace boundaries within the same cluster.

Target

Project: temporalio/temporal
Discovery: static analysis — not yet dynamically reproduced

Technical Details

checkNamespaceID() at activities.go:283 only compares batchParams.NamespaceId to a.namespaceID; the redundant batchParams.Request.Namespace field is never checked and is then used verbatim in frontendClient.SignalWorkflowExecution / DeleteWorkflowExecution / etc. Because frontendClient dials internal-frontend, whose noopClaimMapper.GetClaims returns &Claims{System: RoleAdmin} unconditionally, the server-side component acts as a confused deputy executing privileged operations against an attacker-chosen namespace.

Reproduction

This finding was identified by static analysis and has not yet been dynamically reproduced. The Technical Details section above describes the code path; a trigger input is not included.

[No reproducer or sanitizer output attached — request from cvd@anthropic.com if needed.]

Acknowledgement

This vulnerability was discovered by Claude, Anthropic's AI assistant, and triaged by the Anthropic security team in collaboration with Anthropic Research. Please direct questions to security-cvd@anthropic.com and reference ANT-2026-DJBBBBPE.

Reference: ANT-2026-DJBBBBPE
Anthropic CVD Policy: https://anthropic.com/security/cvd-policy

TIMELINE

Dates from discovery through public reveal.

  1. 2026-03-29 Reported to tracker
  2. 2026-04-15 Patch released
  3. 2026-05-08 Sent to maintainer
  4. 2026-05-08 Maintainer acknowledged
  5. 2026-05-20 Publicly revealed
PROVENANCE

SHA-3-512 hash:

6f20094036e4b8c066b9a2f033c4e59b99f883e623acbb0256d7ce0310528a13c03d24f7d1f5a1817de5b29e350a97a62ead6a93eb9a92e6881fb17052a7d2e4

Committed 2026-05-08 09:37 PT

Revealed 2026-05-20 00:40 PT

Verify (download preimage.json)

Show preimage JSON 
{
  "ant_id": "ANT-2026-DJBBBBPE",
  "bug_class": "Broken Access Control",
  "claude_severity": "critical",
  "commit_sha": null,
  "created_at": "2026-03-29T20:43:54+00:00",
  "description": "Workflows can be manipulated or deleted across namespace boundaries within the same cluster.",
  "discovered_at": "2026-03-22T00:00:00+00:00",
  "location": null,
  "poc_sha256": null,
  "preimage_version": 1,
  "project": "temporalio/temporal",
  "reproduction": null,
  "technical_details": "checkNamespaceID() at activities.go:283 only compares batchParams.NamespaceId to a.namespaceID; the redundant batchParams.Request.Namespace field is never checked and is then used verbatim in frontendClient.SignalWorkflowExecution / DeleteWorkflowExecution / etc. Because frontendClient dials internal-frontend, whose noopClaimMapper.GetClaims returns &Claims{System: RoleAdmin} unconditionally, the server-side component acts as a confused deputy executing privileged operations against an attacker-chosen namespace.",
  "title": "Cross-namespace manipulation (including deletion) of workflows on the same cluster",
  "vendor_severity": null
}