CVE-2026-53430 is a HIGH severity vulnerability with a CVSS score of 8.7. The vulnerability affects the elixir-grpc grpc package, specifically versions from 0.4.0 before 1.0.0. The vulnerability is caused by improper handling of highly compressed data, also known as a data amplification vulnerability. This occurs in the GRPC.Compressor.Gzip and GRPC.Message modules, specifically in the 'Elixir.GRPC.Compre [truncated]
CVE-2026-48854 is an Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc. This vulnerability allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. The issue arises from 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':read_full_body/3 (lib/grpc/server/adapters/cowboy/handler.ex) accumulatin [truncated]
CVE-2026-48599 is an Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc. This vulnerability allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. The issue arises from the way 'Elixir.GRPC.Server.Transcode':map_request/5 (lib/grpc/server/transcode. [truncated]
