CVE-2026-33186: Critical gRPC vulnerability in transitive dependency

[ElsaDevOps]

Hi, I wanted to flag that the current release (v5.35.0) has a critical CVE
in a transitive dependency:

• CVE: CVE-2026-33186
• Package: google.golang.org/grpc
• Current version: v1.78.0
• Fixed version: v1.79.3
• Severity: Critical
• Description: gRPC-Go has an authorization bypass via missing leading slash

This is blocking CI/CD pipelines that run Trivy vulnerability scans.
A bump of google.golang.org/grpc to v1.79.3 in go.mod should resolve it.

Thanks!

[paigefletcher1282-code]

Okay

…

On Mon, Mar 23, 2026, 4:48 PM Elsa Adjei ***@***.***> wrote: *ElsaDevOps* created an issue (TwiN/gatus#1593) <#1593> Hi, I wanted to flag that the current release (v5.35.0) has a critical CVE in a transitive dependency: - CVE: CVE-2026-33186 <https://github.com/advisories/GHSA-p77j-4mvh-x3m3> - Package: google.golang.org/grpc - Current version: v1.78.0 - Fixed version: v1.79.3 - Severity: Critical - Description: gRPC-Go has an authorization bypass via missing leading slash This is blocking CI/CD pipelines that run Trivy vulnerability scans. A bump of google.golang.org/grpc to v1.79.3 in go.mod should resolve it. Thanks! — Reply to this email directly, view it on GitHub <#1593?email_source=notifications&email_token=B7BB4JUCBMEE2MU4KUW5MPT4SGPKRA5CNFSL4Z3JMQ5C6L3HNF2C22DVMIXUS43TOVSS6NBRGIZTMMZVGIYTRJTSMVQXG33OVJZXKYTTMNZGSYTFMSSWK5TFNZ2KYZTPN52GK4S7MNWGSY3L>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/B7BB4JUTZWWYSLU735NSJBD4SGPKRAVCNFSM6AAAAACW4TZDH2VHI2DSMVQWIX3LMV43ASLTON2WKOZUGEZDGNRTGUZDCOA> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>