The vulnerability arises because the streaming interceptor chain on the frontend gRPC server does not include an authorization interceptor, unlike unary RPCs which enforce authentication and authorization when ClaimMapper and Authorizer are configured. Specifically, the AdminService/StreamWorkflowReplicationMessages streaming endpoint accepts unauthenticated requests. This endpoint shares the same port as WorkflowService and cannot be disabled separately. An attacker with network access to this port could open the replication stream without credentials. However, data exfiltration is limited by the requirement that the replication target be correctly configured and that the attacker knows the cluster configuration, as the history service validates cluster IDs and peer membership before returning replication data. Temporal Cloud services are not impacted by this issue.

An attacker with network access to the frontend port can open the replication stream without authentication, potentially leading to data exfiltration. However, successful exploitation requires knowledge of the cluster configuration and a properly configured replication target. The vulnerability does not affect Temporal Cloud. The CVSS 4.0 base score is 6.3, indicating medium severity with network attack vector, low complexity, no privileges required, no user interaction, and limited confidentiality and availability impact.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vulnerability involves missing authorization on a critical streaming endpoint that cannot be disabled independently, monitoring vendor communications for an official fix or mitigation is recommended. Until a patch or official fix is available, restrict network access to the frontend gRPC server port to trusted entities only to reduce exposure.