CVE Catalog

CVE-2026-33381

MediumCVSS 5.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

15th percentile - higher than 15% of all known CVEs

Summary

When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this.

Risk Assessment

The organization may be exposed to unauthorized minting of tokens, which could lead to unauthorized access to resources.

Recommendation

It is recommended to monitor and immediately cut off access to minting tokens after it has been revoked to minimize risk.

Original NVD description (English source)

When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS