Listen to this Post
How GHSA-85gx-3qv6-4463 Works
- Dapr supports access control policies (ACL) for service invocation, restricting which methods an app may call on a target.
- When a request arrives, Dapr evaluates the method path against the policy before dispatching.
- The ACL and dispatch layer previously normalized the method path independently.
- The ACL used
purell.NormalizeURLString, which decodes `%XX` sequences, resolves../, and strips “ and `?` as URL delimiters. - The dispatch layer used the raw method string without any normalization.
- This mismatch allowed the ACL to authorize one path while the target app received a different one.
- For example, a request for `admin%2F..%2Fpublic` was normalized by the ACL to `public` (allowed).
- The target app, however, received `admin/../public` (denied prefix
admin/). - Attackers could use encoded path traversal (
admin%2F..%2Fpublic) to reach an allowed path while starting from a denied prefix. - Similarly, encoded fragment (
%23) or query (%3F) characters cause the ACL to evaluate a different path than what is delivered. - The gRPC API was more dangerous because it passes method strings raw — “,
?,../, and control characters are delivered literally. - No client‑side sanitization occurs in gRPC, making it the primary attack vector.
- The vulnerability affects Dapr versions 1.3.0 up to 1.15.13, 1.16.0‑rc.1 up to 1.16.13, and 1.17.0‑rc.1 up to 1.17.4.
14. Patched versions are 1.15.14, 1.16.14, and 1.17.5.
- The fix ensures that both ACL and dispatch layers use the same normalized path.
- The issue was discovered via PR 9589 (special thanks to @dbconfession78).
- An attacker who can reach the Dapr HTTP or gRPC API can exploit this bypass.
- The vulnerability requires no authentication and can be triggered remotely.
19. Exploitation does not require user interaction.
- This is a high‑severity path traversal and access control bypass vulnerability.
dailycve form
Platform: Dapr
Version: 1.3.0–1.17.4
Vulnerability: ACL Bypass
Severity: High
date: 2026-04-17
Prediction: Patch 2026-03-28
What Undercode Say:
Analytics: The mismatch between ACL normalization and raw dispatch creates a critical gap in request validation. Attackers can exploit this to call any method on a target app, bypassing all configured access policies. The gRPC vector is especially dangerous because no sanitization occurs.
Bash Commands and Codes
Check current Dapr version dapr version Upgrade to patched version (example for 1.17.5) dapr upgrade --runtime-version 1.17.5 Verify patched version dapr version | grep "Runtime version" Kubernetes upgrade (helm) helm upgrade dapr dapr/dapr --version 1.17.5
Exploit
HTTP exploit example
GET /v1.0/invoke/myapp/method/admin%2F..%2Fpublic HTTP/1.1
Host: dapr-sidecar:3500
gRPC exploit example
package dapr.proto.internals.v1;
service InvokeService {
rpc InvokeService(InvokeServiceRequest) returns (InvokeServiceResponse);
}
Set method path to "admin/../public" (no sanitization)
Protection from this CVE
- Upgrade immediately to Dapr 1.17.5, 1.16.14, or 1.15.14.
- If upgrading is not possible, disable access control policies until you can patch.
- Restrict network access to the Dapr HTTP/gRPC API (e.g., use mTLS or network policies).
- Monitor for requests containing
%2F,%2E,%23, or `%3F` in method paths. - Consider using a Web Application Firewall (WAF) to block encoded traversal patterns.
Impact
An attacker who can reach the Dapr API can call any method on any target application, bypassing all configured access policies. This leads to unauthorized data access, privilege escalation, and potential remote code execution in the invoked app. The vulnerability requires no authentication and is remotely exploitable with low complexity.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

