Critical

Unauthenticated access to Glutton V1 service endpoints on Palantir Gotham stacks

IdentifiersCVE-2024-49587CWE-305· Authentication Bypass by Primary…

Glutton V1 service endpoints on Palantir Gotham stacks were exposed without authentication, allowing unauthenticated network access to the Glutton backend. As a result, users without appropriate permissions could directly interact with backend endpoints and perform data operations (read/update/delete) without passing intended access controls. The affected service has been patched and the fix was automatically deployed to all Apollo-managed Gotham instances.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

An unauthenticated attacker with network reachability to the exposed Glutton V1 endpoints could bypass authentication and directly access the Glutton backend to read, modify, or delete data. This primarily impacts confidentiality and integrity (no availability impact was indicated in the provided content).

Mitigation

If you can’t patch tonight, do this now.

Ensure all Glutton (and other) service endpoints are not exposed without authentication; validate that only authorized users can reach sensitive backend services. Restrict network exposure of the Glutton backend endpoints to trusted networks/segments and verify access controls are enforced at the service boundary.

Remediation

Patch, then assume compromise.

Apply the vendor patch that enforces authentication on Glutton V1 service endpoints. For Apollo-managed Gotham instances, ensure the automatic deployment has been applied/confirmed across all stacks.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

ACTIVITY FEED

Recent activity

6 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

6 SOURCESView more in app

cvefeed high severityNews

Dec 19, 2025

CVE-2024-49587 - Glutton V1 endpoints missing authentication

A critical authentication bypass vulnerability in Glutton V1 service endpoints on Gotham stacks, allowing unauthorized users to access, modify, or delete backend data. The issue has been patched in Apollo-managed Gotham instances.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity5