CVE-2026-48599
Published 2026-06-15
Priority: P3 (48), high
CVSS 4.0 base score: 7.6
CVSS 4.0 vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N (threat, environmental and supplemental metrics not defined)
EPSS: 0.27% (19.0th percentile)
Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body.
In 'Elixir.GRPC.Server.Transcode':map_request/5 (lib/grpc/server/transcode.ex), all three clauses use Map.merge/2 with path bindings as the first argument, giving them the lowest merge precedence. A request such as GET /users/me/profile?user_id=victim (or a POST with {"user_id": "victim"} when body: "*") yields a decoded protobuf struct where the path-bound field carries the attacker-supplied value rather than the router-extracted value. Any handler that uses the path-bound field for authorization, multi-tenancy scoping, or ownership checks is silently bypassed.
This issue affects grpc from 0.8.0 before 1.0.0.
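The merge-precedence defect described above, shown in a small added Elixir illustration that is not the library's own code: `merge_vulnerable/3` mirrors the path-bindings-first `Map.merge/2` ordering, `merge_hardened/3` gives the router-extracted bindings the last word (an assumed remedy, not a reproduction of the upstream commit), and `reject_conflicts/3` is an extra defensive check that refuses any request redefining a path-bound field. The module name, function names and request maps are constructed for the example.

```elixir
defmodule TranscodeMergeDemo do
  # Vulnerable ordering, as in the advisory: path bindings are the first
  # argument to Map.merge/2, so the right-hand map (query string, then body)
  # overwrites any key that collides with a path-bound field.
  def merge_vulnerable(path_bindings, query, body) do
    path_bindings
    |> Map.merge(query)
    |> Map.merge(body)
  end

  # Hardened ordering (assumed remedy): query and body are merged first and
  # path bindings last, so the value the router extracted always wins.
  def merge_hardened(path_bindings, query, body) do
    query
    |> Map.merge(body)
    |> Map.merge(path_bindings)
  end

  # Stricter alternative: refuse the request outright when the query string or
  # body carries a different value for a path-bound field. This also makes a
  # smuggling attempt visible to logging instead of silently discarding it.
  def reject_conflicts(path_bindings, query, body) do
    client_fields = Map.merge(query, body)

    conflicts =
      for {key, value} <- client_fields,
          Map.has_key?(path_bindings, key),
          value != Map.fetch!(path_bindings, key),
          do: key

    case conflicts do
      [] -> {:ok, merge_hardened(path_bindings, query, body)}
      keys -> {:error, {:path_field_conflict, keys}}
    end
  end
end

# Constructed request: the router bound user_id from /users/me/profile while
# the query string carried a conflicting user_id. With the vulnerable ordering
# the handler sees the query value; with the hardened ordering it sees the
# router value; the strict check returns an error naming the conflicting key.
path_bindings = %{"user_id" => "me"}
query = %{"user_id" => "victim"}
body = %{}

IO.inspect(TranscodeMergeDemo.merge_vulnerable(path_bindings, query, body), label: "vulnerable")
IO.inspect(TranscodeMergeDemo.merge_hardened(path_bindings, query, body), label: "hardened")
IO.inspect(TranscodeMergeDemo.reject_conflicts(path_bindings, query, body), label: "strict")
```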
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elixir-grpc | grpc | >= 0.8.0 < 1.0.0 | 1.0.0 |
| elixir-grpc | grpc | >= 8aaf3d3a8c4c7b08ac65e9c6f254e0d24da1d048 < 33b6a095dbc91c6dee3c7b90893d7d74952e82e4 | 33b6a095dbc91c6dee3c7b90893d7d74952e82e4 |
References:
https://cna.erlef.org/cves/CVE-2026-48599.html
https://github.com/elixir-grpc/grpc/commit/33b6a095dbc91c6dee3c7b90893d7d74952e82e4
https://github.com/elixir-grpc/grpc/security/advisories/GHSA-mwr4-5g34-j5cq
https://osv.dev/vulnerability/EEF-CVE-2026-48599