Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/06/15 9:55 p.m.5 views

CVE-2026-48599 Authorization bypass via path binding override in elixir-grpc/grpc HTTP transcoding

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...

7.6CVSS5.3AI score0.00273EPSS
Exploits0References4
CVE
CVE
added 2026/06/15 9:55 p.m.19 views

CVE-2026-48599

This CVE affects elixir-grpc/grpc (HTTP transcoding) where path-bound fields can be overridden by attacker-controlled values due to Map.merge/2 precedence in Elixir.GRPC.Server.Transcode:map_request/5. The underlying issue allows an authenticated attacker to access or modify resources of other us...

7.6CVSS5.4AI score0.00273EPSS
Exploits0References4
OSV
OSV
added 2026/06/15 9:55 p.m.9 views

EEF-CVE-2026-48599 Authorization bypass via path binding override in elixir-grpc/grpc HTTP transcoding

Summary Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...

7.6CVSS5.4AI score0.00273EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/15 9:55 p.m.34 views

CVE-2026-48599 Authorization bypass via path binding override in elixir-grpc/grpc HTTP transcoding

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...

7.6CVSS0.00273EPSS
Exploits0References4
Rows per page
Query Builder