4 matches found
CVE-2026-48599 Authorization bypass via path binding override in elixir-grpc/grpc HTTP transcoding
Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...
CVE-2026-48599
This CVE affects elixir-grpc/grpc (HTTP transcoding) where path-bound fields can be overridden by attacker-controlled values due to Map.merge/2 precedence in Elixir.GRPC.Server.Transcode:map_request/5. The underlying issue allows an authenticated attacker to access or modify resources of other us...
EEF-CVE-2026-48599 Authorization bypass via path binding override in elixir-grpc/grpc HTTP transcoding
Summary Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...
CVE-2026-48599 Authorization bypass via path binding override in elixir-grpc/grpc HTTP transcoding
Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...