THREAT OPS › Threat News › [NVD] CVE-2026-33186 (CRITICAL 9.1) — gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omi
[NVD] CVE-2026-33186 (CRITICAL 9.1) — gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omi
CVE-2026-33186 CVSS: 9.1 CRITICAL Published: 2026-03-20T23:16:45.180
gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/M
Indicators of compromise
- CVE-2026-33186cve
- google.golang.orgdomain
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-33186