CVE-2026-33186 โ gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3โฆ
๐จ CVE-2026-33186 gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted t
Authorization bypass via missing leading slash in :path
github.com
What This Means For You
- Affects Google ecosystem โ review Chrome/Android/GCP deployments.
- New vulnerability disclosed โ verify if your stack is exposed.
- Supply chain risk โ audit dependencies and third-party integrations.
Related ATT&CK Techniques
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-33186 | Vulnerability | CVE-2026-33186 |
๐
Get the full picture on this threat
Use /org to search affected organizations, generate IOC briefs with /brief, and set watchlist alerts โ inside Telegram.
Try Intel Bot โ
Source & Attribution
| Source Platform | Telegram |
| Channel | CVE Notify |
| Channel ID | 1129491012 |
| Message ID | 158858 |
| Published | April 10, 2026 at 23:56 UTC |
| Original Link | https://github.com/grpc/grpc-go/security/advisories/GHSA-... |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.