CVE Catalog
CVE-2026-33381
MediumCVSS 5.9Exploitation Probability (EPSS)
Low risk0.25%
15th percentile - higher than 15% of all known CVEs
Summary
When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this.
Risk Assessment
The organization may be exposed to unauthorized minting of tokens, which could lead to unauthorized access to resources.
Recommendation
It is recommended to monitor and immediately cut off access to minting tokens after it has been revoked to minimize risk.
Original NVD description (English source)
When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this.

