cbcvebase.

Elixir-Grpc Grpc vulnerabilities

4 known vulnerabilities affecting elixir-grpc/grpc.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3

Vulnerabilities

Page 1 of 1
CVE-2026-48853P2CRITICALCVSS 9.2≥ 0.4.0, < 1.0.0≥ 25bcc569fe2cc4478531a6c546c923205fc751c9, < 272a97a5ea1b46af1819f14a831fcf35fc91f9922026-06-15
CVE-2026-48853 [CRITICAL] CWE-502 CVE-2026-48853: Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabi Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code execution on the server. 'Elixir.GRPC.Codec.Erlpack':de
nvd
CVE-2026-48854P3HIGHCVSS 8.7≥ 0.3.1, < 1.0.0≥ d1abe70a6cad6dac4a3f8235d883d7c896989560, < 49e18c3ec6bb9afe2f712caad3dbab5c56a68a002026-06-15
CVE-2026-48854 [HIGH] CWE-770 CVE-2026-48854: Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauth Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':read_full_body/3 (lib/grpc/server/adapters/cowboy/handler.ex) accumulates every
nvd
CVE-2026-53430P3HIGHCVSS 8.7≥ 0.4.0, < 1.0.0≥ beae6800fc8baf126f3fe7107d86a50e105275ba, < 1afbab9d57d2a3e16ca9c62ffa4923338ea96cfc2026-06-15
CVE-2026-53430 [HIGH] CWE-409 CVE-2026-53430: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc ( Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.ex and program routines 'Elixir.GRPC.Compressor.Gzip
nvd
CVE-2026-48599P3HIGHCVSS 7.6≥ 0.8.0, < 1.0.0≥ 8aaf3d3a8c4c7b08ac65e9c6f254e0d24da1d048, < 33b6a095dbc91c6dee3c7b90893d7d74952e82e42026-06-15
CVE-2026-48599 [HIGH] CWE-639 CVE-2026-48599: Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authentica Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In 'Elixir.GRPC.Server.Transcode':map_request/5 (lib/grpc/server/transcode.ex), all thr
nvd
Elixir-Grpc Grpc vulnerabilities | cvebase