What is the official website of ArcelorMittal Kryvyi Rih ?

The official website of ArcelorMittal Kryvyi Rih is http://ukraine.arcelormittal.com/.

What is ArcelorMittal Kryvyi Rih's cybersecurity risk score?

ArcelorMittal Kryvyi Rih has an AI-generated cybersecurity risk score of 760 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has ArcelorMittal Kryvyi Rih experienced?

According to Rankiteo, ArcelorMittal Kryvyi Rih currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has ArcelorMittal Kryvyi Rih been affected by any supply chain cyber incidents ?

According to Rankiteo, ArcelorMittal Kryvyi Rih has been affected by a supply chain cyber incident involving BE PRIME, with the incident ID BE-IBEALSARC1776666624.

Does ArcelorMittal Kryvyi Rih have SOC 2 Type 1 certification ?

According to Rankiteo, ArcelorMittal Kryvyi Rih is not certified under SOC 2 Type 1.

Does ArcelorMittal Kryvyi Rih have SOC 2 Type 2 certification ?

According to Rankiteo, ArcelorMittal Kryvyi Rih does not hold a SOC 2 Type 2 certification.

Does ArcelorMittal Kryvyi Rih comply with GDPR ?

According to Rankiteo, ArcelorMittal Kryvyi Rih is not listed as GDPR compliant.

Does ArcelorMittal Kryvyi Rih have PCI DSS certification ?

According to Rankiteo, ArcelorMittal Kryvyi Rih does not currently maintain PCI DSS compliance.

Does ArcelorMittal Kryvyi Rih comply with HIPAA ?

According to Rankiteo, ArcelorMittal Kryvyi Rih is not compliant with HIPAA regulations.

Does ArcelorMittal Kryvyi Rih have ISO 27001 certification ?

According to Rankiteo,ArcelorMittal Kryvyi Rih is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does ArcelorMittal Kryvyi Rih operate in ?

ArcelorMittal Kryvyi Rih operates primarily in the Mining industry.

How many employees does ArcelorMittal Kryvyi Rih have ?

ArcelorMittal Kryvyi Rih employs approximately 850 people worldwide.

Does ArcelorMittal Kryvyi Rih own any subsidiaries ?

ArcelorMittal Kryvyi Rih presently has no subsidiaries across any sectors.

How many LinkedIn followers does ArcelorMittal Kryvyi Rih have ?

ArcelorMittal Kryvyi Rih's official LinkedIn profile has approximately 9,216 followers.

What is the NAICS classification code for ArcelorMittal Kryvyi Rih ?

ArcelorMittal Kryvyi Rih is classified under the NAICS code 212, which corresponds to Mining (except Oil and Gas).

Does ArcelorMittal Kryvyi Rih have a Crunchbase profile ?

No, ArcelorMittal Kryvyi Rih does not have a profile on Crunchbase.

Does ArcelorMittal Kryvyi Rih have a LinkedIn profile ?

Yes, ArcelorMittal Kryvyi Rih maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/arcelormittal-kryvyi-rih.

How many cybersecurity incidents has ArcelorMittal Kryvyi Rih experienced ?

As of June 16, 2026, Rankiteo reports that ArcelorMittal Kryvyi Rih has experienced 1 cybersecurity incidents.

How many peer or competitor companies does ArcelorMittal Kryvyi Rih have ?

ArcelorMittal Kryvyi Rih has an estimated 3,801 peer or competitor companies worldwide.

What types of cybersecurity incidents has ArcelorMittal Kryvyi Rih faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

AKR

Boost Score +25 with badge (5 left)

760

/1000

Fair

785

/1000

Fair

ArcelorMittal Kryvyi Rih Vendor Cyber Rating & Cyber Score

arcelormittal.com

Add Your Compliance Badge

Public Joint Stock Company ArcelorMittal Kryvyi Rih is the largest enterprise of Mining and Steel Complex of Ukraine and part of the international company ArcelorMittal, a major world’s steel producer. It is also the largest foreign investment in the country with 10,6 bn USD invested in Ukrainian economy to date. PJSC ArcelorMittal Kryvyi Rih is a full-cycle steel plant, which consists of the coke and by-product plant, ore mining (open pits and underground ore mining) and steel production comprising sinter and blast furnace, steel and rolled departments. PJSC ArcelorMittal Kryvyi Rih, one of the biggest rolled steel producers in Ukraine, specializes in long products – rebar and wire rod from ordinary and light alloyed steels, as

AKR A.I CyberSecurity Scoring

Scoring History

AKR

ArcelorMittal Kryvyi Rih CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

ArcelorMittal

Cyber Attack

100

4/2026

BE PRIME

BE-IBEALSARC177...

Loading…

A.I.

AKR Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for AKR

Incidents vs Mining Industry Avg (This Year)

No incidents recorded for ArcelorMittal Kryvyi Rih in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for ArcelorMittal Kryvyi Rih in 2026.

Incident Types AKR vs Mining Industry Avg (This Year)

No incidents recorded for ArcelorMittal Kryvyi Rih in 2026.

Incident History - AKR (X = Date, Y = Severity)

Loading…

SUBSIDIARY

ArcelorMittal Kryvyi Rih Subsidiaries

AKR

Mining

Website: http://ukraine.arcelormittal.com/

Company Size: 10,001+ employees

ArcelorMittalMining

ArcelorMittal BrasilMining

ArcelorMittal Long Carbon LATAMMining

ArcelorMittal Aços PlanosMining

ArcelorMittal SistemasIT Services and IT Consulting

AçolabMineração

Fundação ArcelorMittalMineração

Programa iNO.VC ArcelorMittalMineração

ArcelorMittal South AfricaPrimary Metal Manufacturing

ArcelorMittal EuropeMining

IT Graduate Program 2023: ArcelorMittal Europe – Flat ProductsExploitation minière

ArcelorMittal FranceManufacturing

ArcelorMittal AcindarMining

ArcelorMittal USAMining

ArcelorMittal BelgiumManufacturing

ArcelorMittal DofascoMining

Acciaierie d'Italia S.p.A. in A.S.Mining

ArcelorMittal Produits longs CanadaManufacturing

ArcelorMittal MéxicoPrimary Metal Manufacturing

ArcelorMittal Mines et Infrastructure CanadaMining

ArcelorMittal PolandMining

ArcelorMittal Construction FranceConstruction

ArcelorMittal Tailored Blanks North AmericaMotor Vehicle Manufacturing

ArcelorMittal Europe -Tubular ProductsMining

ArcelorMittal PowdersPrimary Metal Manufacturing

ArcelorMittal Downstream SolutionsPrimary Metal Manufacturing

ArcelorMittal BremenMining

ArcelorMittal BD East WorkshopsMachinery Manufacturing

ArcelorMittal Engineering Products OstravaMachinery Manufacturing

ArcelorMittal Service GroupMachinery Manufacturing

ArcelorMittal Global AutomotiveMining

ArcelorMittal Energy ProjectsMining

ArcelorMittal ProjectsMining

ArcelorMittal Projects UkraineГірнича промисловість

ArcelorMittal Projects ExosunRenewable Energy Semiconductor Manufacturing

ArcelorMittal Foundation SolutionsBuilding Materials

ArcelorMittal OstravaMining

Constructalia – ArcelorMittal steel for constructionConstruction

Loading…

ArcelorMittal Kryvyi Rih Similar Companies

Tata Steel

tatasteel.com

Tata Steel group is among the top global steel companies with an annual crude steel capacity of 34 million tonnes per annum. It is one of the world's most geographically-diversified steel producers, with operations and commercial presence across the world. The group (excluding SEA operations) recorded a consolidated turnover of US $19.7 billion in the financial year ending March 31, 2020. A Great Place to Work-CertifiedTM organisation, Tata Steel Ltd., together with its subsidiaries, associates and joint ventures, is spread across five continents with an employee base of over 65,000. Tata Steel has been a part of the DJSI Emerging Markets Index since 2012 and has been consistently ranked amongst top 5 steel companies in the DJSI Corporate Sustainability Assessment since 2016. Besides being a member of ResponsibleSteelTM and worldsteel’s Climate Action Programme, Tata Steel has won several awards and recognitions including the World Economic Forum’s Global Lighthouse recognition for its Kalinganagar Plant - a first in India, and Prime Minister’s Trophy for the best performing integrated steel plant for 2016-17. The Company, ranked as India’s most valuable Metals & Mining brand by Brand Finance, received the ‘Honourable Mention’ at the National CSR Awards 2019, Steel Sustainability Champion 2019 by worldsteel, CII Greenco Star Performer Award 2019, ‘Most Ethical Company’ award 2020 from Ethisphere Institute, Best Risk Management Framework & Systems Award (2020) by CNBC TV-18, and Award for Excellence in Financial Reporting FY20 by ICAI, among several others. To know more, visit www.tatasteel.com and www.wealsomaketomorrow.com.

ArcelorMittal

arcelormittal.com

ArcelorMittal is the world's leading steel and mining company, with a presence in more than 60 countries and an industrial footprint in 18 countries. Guided by a philosophy to produce safe, sustainable steel, we are the leading supplier of quality steel in the major global steel markets including automotive, construction, household appliances and packaging, with world-class research and development and outstanding distribution networks. Through our core values of sustainability, quality and leadership, we operate responsibly with respect to the health, safety and wellbeing of our employees, contractors and the communities in which we operate. For us, steel is the fabric of life, as it is at the heart of the modern world from railways to cars and washing machines. We are actively researching and producing steel-based technologies and solutions that make many of the products and components we use in our everyday lives more energy-efficient. We are one of the world’s five largest producers of iron ore and metallurgical coal and our mining business is an essential part of our growth strategy. With a geographically diversified portfolio of iron ore and coal assets, we are strategically positioned to serve our network of steel plants and the external global market.

BHP

cb bhp.com

We are supplying the resources the world needs to help build a better, clearer future. Copper for renewable energy. Potash for sustainable farming. Iron ore and metallurgical coal for the steel needed for global infrastructure and the energy transition. #FutureIsClear Across our global operations, we are committed to working in ways that are true to our BHP Charter values of Sustainability, Integrity, Respect, Performance, Simplicity and Accountability. Learn more about working at BHP and the exciting career opportunities that exist for professionals, undergraduates and graduates on our website: www.bhp.com.

OCP Group

ocpgroup.ma

Headquartered in Morocco, OCP Group is one of the world’s largest custodian and supplier of phosphate-based plant nutrition solutions and associated products for soil health and a leader in applied science and education. Our mission is to provide customized plant nutrition solutions for healthy food production. As an African business, we are committed to accelerating Africa’s development and south-to-south cooperation and making agriculture and food systems globally sustainable and resilient. We put farmers at the center of everything we do. Join us to help ensure a more sustainable and food secure future for all.

Sandvik

cb home.sandvik

Sandvik is a global, high-tech engineering group providing solutions that enhance productivity, profitability and sustainability for the manufacturing, mining and infrastructure industries. We are at the forefront of digitalization and focus on optimizing our customers’ processes. Our world-leading offering includes equipment, tools, services and digital solutions for machining, mining, rock excavation and rock processing. In 2024, the Sandvik Group had approximately 41,000 employees, sales in more than 150 countries and revenues of about SEK 123 billion.

Jindal Steel Ltd.

jindalsteel.in

Jindal Steel is one of India’s foremost integrated steel producers, renowned for its scale, efficiency, and commitment to excellence. Operating on a robust mine-to-metal model, the Company leverages captive resources, advanced manufacturing capabilities, and a global distribution network to deliver high-performance steel solutions. With an investment footprint exceeding USD 12 billion, Jindal Steel runs state-of-the-art facilities in Angul, Raigarh, and Patratu, and maintains strategic operations across India and Africa. Its diversified and future-ready product portfolio underpins core sectors such as infrastructure, construction, and manufacturing, powering progress through strength and sustainability. Take the next step in your career with Jindal Steel by submitting your application to our Talent Acquisition team at "[email protected]"

CSN - Companhia Siderúrgica Nacional

csn.com.br

Fundada em 1941, a CSN representa um marco no processo de industrialização do Brasil. O seu aço viabilizou a implantação das primeiras indústrias nacionais, núcleo do atual parque fabril brasileiro. Ao longo de mais de oito décadas, a CSN segue fazendo história, sendo hoje um dos mais eficientes complexos siderúrgicos integrados do mundo, com atuação em cinco segmentos estratégicos da economia: Siderurgia, Mineração, Logística, Cimentos e Energia. Atualmente, entre seus ativos, a empresa conta com uma usina siderúrgica integrada; cinco unidades industriais, sendo duas delas no exterior; minas de minério de ferro, calcário, dolomita e estanho; uma forte distribuidora de aços planos; terminais portuários; participações em ferrovias; somos a 2ª maior produtora de cimentos do Brasil, com uma capacidade de 16,3 mtpa; e temos participação em usinas hidrelétricas distribuídas pelo Brasil. Com uma gestão firme e inovadora, a empresa valoriza a força empreendedora do capital nacional e o enorme potencial brasileiro de competitividade no setor siderúrgico. Multinacional com orgulho de ser brasileira, a empresa acredita e investe no país. Com a força do trabalho de seus mais de 30 mil colaboradores, enfrenta com sucesso os desafios da economia globalizada. JUNTE-SE À CSN! A Companhia Siderúrgica Nacional busca atrair e desenvolver profissionais que se identifiquem com a sua cultura, valorizando sempre a diversidade. Venha você também fazer parte da história do maior complexo siderúrgico da América Latina, um grupo que tem como essência “fazer bem, fazer mais e fazer para sempre”.

Gerdau

gerdau.com.br

With a history spanning 122 years, Gerdau is Brazil's largest steel producer, one of the leading producers of long steel in the Americas and of special steel in the world. In Brazil, Gerdau also produces flat steel and iron ore for its own use. Gerdau also has a new business division, Gerdau Next, which fosters entrepreneurship in segments adjacent to the steel industry. Guided by its purpose of empowering people who build the future, Gerdau has operations in nine countries and over 30,000 direct and indirect employees. Gerdau is the largest recycling company in Latin America and uses scrap as an important input, with 73% of the steel it produces made from scrap. Every year, Gerdau transforms 11 million tonnes of scrap into a variety of steel products. Gerdau also is the world’s largest charcoal producer, with over 250 hectares of planted forests in the state of Minas Gerais. As a result of its sustainable production matrix, Gerdau currently has one of the industry’s lowest average greenhouse gas emissions (CO₂e), of 0.86t/CO₂e per tonne of steel, which is about half the global industry average of 1.91 t/CO₂e per tonne of steel (worldsteel). By 2031, Gerdau’s target is to reduce its carbon emissions to 0.83 t/CO₂e per tonne of steel. Gerdau’s shares are listed on the São Paulo (B3), New York (NYSE) and Madrid (Latibex) stock exchanges.

Maaden

maaden.com

Maaden is Saudi Arabia’s engine of industrial transformation and one of the world’s top ten mining giants by market cap and fastest growing globally. We’re building the future of mining, creating fully integrated value chains across gold, phosphate, bauxite, copper and beyond. Maaden’s new era of growth is at pace and scale unlike anything the industry has ever seen. We’re doubling gold production by 2030, investing SAR 420 billion ($112 billion) through 2040 and scaling world-class projects that will redefine what’s possible for Saudi mining. This isn’t evolution; it’s transformation at speed, at scale and with purpose. Since going public in 2008, Maaden has invested over SAR 120 billion ($32 billion) to build large-scale, long-life, cost-competitive operations that deliver both world-class products and strong returns. We help power Saudi Vision 2030 by making mining a key pillar of a diversified and sustainable economy beyond oil. We’re creating new industries, new jobs and new opportunities. With a team of over 8,000 people, Maaden is writing the next chapter of industrial progress in Saudi Arabia. Join us as we shape the future of mining and unearth tomorrow, together.

Loading…

NEWS

ArcelorMittal Kryvyi Rih CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

March 16, 2026 07:00 AM

Steelmaker ArcelorMittal to close more Ukraine units

Ukraine's major steelmaker ArcelorMittal Kryvyi Rih will close two rolling mills, it said on Monday, citing the energy crisis caused by...

Read Article

February 27, 2026 08:00 AM

ArcelorMittal to close its second unit in Ukraine amid Russian attacks on power sector

Ukraine's major steelmaker ArcelorMittal Kryvyi Rih is closing another of its divisions in Ukraine due to a deepening energy crisis caused...

Read Article

January 26, 2026 08:00 AM

ArcelorMittal to close unit at Ukraine plant amid green rules, Russian attacks

ArcelorMittal Kryvyi Rih, Ukraine's largest steelmaker, will close one of its production units in the second quarter, it said on Monday,...

Read Article

January 21, 2025 08:00 AM

Ukraine's ArcelorMittal boosts steel output by 70% in 2024

Ukraine's biggest steelmaker, ArcelorMittal Kryvyi Rih, increased raw steel output by almost 70% to 1.65 million metric tons in 2024,...

Read Article

September 24, 2024 07:00 AM

Despite hardships, head of Kryvyi Rih steel plant ArcelorMittal determined to keep operations running

Mauro Longobardo, CEO of ArcelorMittal Kryvyi Rih, addressed the company's current situation and future plans, noting both progress and significant obstacles.

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-53430

SUMMARY

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.ex and program routines 'Elixir.GRPC.Compressor.Gzip':decompress/1, 'Elixir.GRPC.Message':from_data/2. 'Elixir.GRPC.Compressor.Gzip':decompress/1 calls :zlib.gunzip/1 directly on attacker-controlled bytes with no decompressed-size limit, ratio check, or incremental decoding. Because this module is the registered gzip GRPC.Compressor implementation, it is invoked automatically whenever an incoming gRPC frame carries the grpc-encoding: gzip header. :zlib.gunzip/1 allocates the entire decompressed result as a single binary, so a small highly compressible payload (for example a few kilobytes of zeros, which gzip compresses at roughly 1000:1) expands to multiple gigabytes inside a single call. The max_receive_message_length limit is enforced only against the already-decompressed message, so it provides no protection. An unauthenticated remote peer can send a single crafted frame to exhaust the BEAM node's heap and trigger an out-of-memory kill. This issue affects grpc: from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48854

SUMMARY

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':read_full_body/3 (lib/grpc/server/adapters/cowboy/handler.ex) accumulates every received chunk into a single growing binary with no size cap. Additionally, when the client omits the grpc-timeout header, the per-chunk read timeout resolves to :infinity, allowing a slow-trickle client to keep the connection alive indefinitely while memory grows. A single connection is sufficient to exhaust server memory and crash the node. This issue affects grpc from 0.3.1 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48853

SUMMARY

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code execution on the server. 'Elixir.GRPC.Codec.Erlpack':decode/2 (lib/grpc/codec/erlpack.ex) calls :erlang.binary_to_term/1 on the raw gRPC message body without the :safe option, no size bound, and no type guard. Any unauthenticated peer that sends a request with Content-Type: application/grpc+erlpack can send a crafted payload that mints arbitrary new atoms (which are never garbage-collected, exhausting the bounded atom table and crashing the VM) or that encodes a fun term which, if applied anywhere downstream, executes attacker-controlled code inside the server process. This issue affects grpc from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 9.2

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48723

SUMMARY

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile() function constructs a shell command by interpolating the user-controlled cypress_config_filepath value into a template literal, then executes it via child_process.execSync(). Shell metacharacters in the config path (specifically " and ;) allow breaking out of the quoted argument and injecting arbitrary commands. This issue has been fixed in version 1.36.6.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: 7.8)

cvss3

Base Score: 7.8

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score

5.9

Exploitability

1.8

REFERENCES

CVE-2026-48599

SUMMARY

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In 'Elixir.GRPC.Server.Transcode':map_request/5 (lib/grpc/server/transcode.ex), all three clauses use Map.merge/2 with path bindings as the first argument, giving them the lowest merge precedence. A request such as GET /users/me/profile?user_id=victim (or a POST with {"user_id": "victim"} when body: "*") yields a decoded protobuf struct where the path-bound field carries the attacker-supplied value rather than the router-extracted value. Any handler that uses the path-bound field for authorization, multi-tenancy scoping, or ownership checks is silently bypassed. This issue affects grpc from 0.8.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 7.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…