CVE-2026-44592 - Vulnerability Analysis
Critical | CVSS: 9.4 | Last Updated: May 14, 2026
Gradient - Authentication Bypass
Published: May 14, 2026 | Updated: May 14, 2026 | Remote Exploitable
Overview
Gradient 1.1.0 contains an authentication bypass: when GRADIENT_DISCOVERABLE=true, the /proto endpoint accepts worker registration without authentication, letting attackers register as workers with full peer access. Exploitation requires network access to /proto.
Severity & Score
Severity: Critical
CVSS Score: 9.4
Impact
Attackers can register as workers without credentials, gain access to all jobs, and upload arbitrary store paths, risking data tampering and information disclosure.
Mitigation
Upgrade to version 1.1.1 or later.
Details
- CVE ID: CVE-2026-44592
- Severity: Critical
- CVSS Score: 9.4
- Type: broken_authentication
- Status: new
CWE
- CWE-306
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H