
CVE-2024-49587: Authentication bypass by a primary weakness (the authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error) in Palantir com.palantir.gotham:glutton

Severity: Critical
Type: Vulnerability
Published: Fri Dec 19 2025 (12/19/2025, 16:33:22 UTC)
Source: CVE Database V5
Vendor/Project: Palantir
Product: com.palantir.gotham:glutton

Description

CVE-2024-49587 is a critical vulnerability in the Glutton V1 service of Palantir Gotham: service endpoints were exposed without any authentication controls, so authentication was bypassed outright. The flaw allowed unauthorized users to interact directly with the Glutton backend and read, update, or delete sensitive data without permission. The vulnerability has a CVSS score of 9.1, reflecting a high-impact, network-exploitable issue that requires no privileges and no user interaction. Palantir has patched the vulnerability and deployed the fix automatically to all Apollo-managed Gotham instances. Although no exploits are currently reported in the wild, exposure of a sensitive backend service poses a significant risk to organizations using Gotham. European organizations using Palantir Gotham should prioritize patching and verifying their deployments to prevent unauthorized data access or manipulation. Countries with significant Palantir Gotham adoption, especially in critical infrastructure or government use, are at higher risk. Immediate mitigation and monitoring are essential to limit the damage from any exploitation.

AI-Powered Analysis

Last updated: 12/27/2025, 04:29:44 UTC

Technical Analysis

CVE-2024-49587 is a critical security vulnerability affecting the Glutton V1 service component within Palantir's Gotham platform. The root cause is that Glutton service endpoints were exposed without any authentication mechanism on Gotham stacks, effectively allowing unauthenticated users to interact directly with the Glutton backend. This bypass of authentication is not due to a flaw in the authentication algorithm itself but stems from a separate weakness in the implementation that left the service endpoints unprotected. As a result, attackers could perform unauthorized read, update, or delete operations on sensitive data managed by the Glutton service. The vulnerability is remotely exploitable over the network without requiring any privileges or user interaction, as reflected in its CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N). The impact on confidentiality and integrity is high, while availability is not affected. Palantir has addressed this issue by patching the affected service and automatically deploying the fix to all Apollo-managed Gotham instances, ensuring rapid remediation. No public exploits have been reported yet, but the severity and ease of exploitation make this a critical threat. Organizations using Palantir Gotham should verify their patch status and audit access controls to prevent unauthorized data manipulation.

Potential Impact

The vulnerability poses a severe risk to European organizations using Palantir Gotham, particularly those in government, defense, intelligence, and critical infrastructure sectors where Gotham is commonly deployed. Unauthorized access to the Glutton backend could expose or tamper with highly sensitive data, undermining confidentiality and data integrity. This could result in data breaches, loss of trust, regulatory penalties under GDPR, and operational disruption if critical data is altered or deleted. Because the endpoints lacked authentication, the issue is exploitable remotely without credentials or user interaction, which increases the likelihood of compromise. Given Palantir's use in strategic sectors, exploitation could have national security implications and affect public safety. Automatic patch deployment reduces exposure, but organizations with custom or offline deployments may remain vulnerable. Continuous monitoring for anomalous access and verification that the patch has been applied are essential to mitigate the impact.

Mitigation Recommendations

1. Immediately verify that all Palantir Gotham instances, especially those managed outside Apollo, have applied the patch addressing CVE-2024-49587.
2. Conduct a thorough audit of network configurations to ensure that Glutton service endpoints are not exposed to untrusted networks or the public internet.
3. Implement strict network segmentation and firewall rules to restrict access to backend services to authorized systems and users only.
4. Enable and review detailed logging and monitoring of access to Glutton endpoints to detect any unauthorized or suspicious activity.
5. Perform a comprehensive review of access control policies within Gotham to ensure least-privilege principles are enforced.
6. For organizations with custom Gotham deployments, coordinate with Palantir support to confirm patch status and receive guidance on secure configuration.
7. Incorporate this vulnerability into incident response plans and conduct tabletop exercises simulating exploitation scenarios.
8. Engage in threat intelligence sharing with industry peers and national cybersecurity centers to stay informed about any emerging exploits or related threats.


Technical Details

Data Version: 5.2
Assigner Short Name: Palantir
Date Reserved: 2024-10-16T19:09:45.689Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69458084f063e4fadff5e82a

Added to database: 12/19/2025, 4:42:44 PM

Last enriched: 12/27/2025, 4:29:44 AM

Last updated: 2/7/2026, 6:29:44 AM
