What is the official website of BNP Paribas Fortis ?

The official website of BNP Paribas Fortis is http://www.bnpparibasfortis.be.

What is BNP Paribas Fortis's cybersecurity risk score?

BNP Paribas Fortis has an AI-generated cybersecurity risk score of 774 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has BNP Paribas Fortis experienced?

According to Rankiteo, BNP Paribas Fortis currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has BNP Paribas Fortis been affected by any supply chain cyber incidents ?

According to Rankiteo, BNP Paribas Fortis has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does BNP Paribas Fortis have SOC 2 Type 1 certification ?

According to Rankiteo, BNP Paribas Fortis is not certified under SOC 2 Type 1.

Does BNP Paribas Fortis have SOC 2 Type 2 certification ?

According to Rankiteo, BNP Paribas Fortis does not hold a SOC 2 Type 2 certification.

Does BNP Paribas Fortis comply with GDPR ?

According to Rankiteo, BNP Paribas Fortis is not listed as GDPR compliant.

Does BNP Paribas Fortis have PCI DSS certification ?

According to Rankiteo, BNP Paribas Fortis does not currently maintain PCI DSS compliance.

Does BNP Paribas Fortis comply with HIPAA ?

According to Rankiteo, BNP Paribas Fortis is not compliant with HIPAA regulations.

Does BNP Paribas Fortis have ISO 27001 certification ?

According to Rankiteo,BNP Paribas Fortis is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does BNP Paribas Fortis operate in ?

BNP Paribas Fortis operates primarily in the Banking industry.

How many employees does BNP Paribas Fortis have ?

BNP Paribas Fortis employs approximately 12,028 people worldwide.

Does BNP Paribas Fortis own any subsidiaries ?

BNP Paribas Fortis presently has no subsidiaries across any sectors.

How many LinkedIn followers does BNP Paribas Fortis have ?

BNP Paribas Fortis's official LinkedIn profile has approximately 101,502 followers.

What is the NAICS classification code for BNP Paribas Fortis ?

BNP Paribas Fortis is classified under the NAICS code 52211, which corresponds to Commercial Banking.

Does BNP Paribas Fortis have a Crunchbase profile ?

No, BNP Paribas Fortis does not have a profile on Crunchbase.

Does BNP Paribas Fortis have a LinkedIn profile ?

Yes, BNP Paribas Fortis maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/bnpparibasfortis.

How many cybersecurity incidents has BNP Paribas Fortis experienced ?

As of June 16, 2026, Rankiteo reports that BNP Paribas Fortis has not experienced any cybersecurity incidents.

How many peer or competitor companies does BNP Paribas Fortis have ?

BNP Paribas Fortis has an estimated 7,387 peer or competitor companies worldwide.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

BPF

Boost Score +25 with badge (5 left)

774

/1000

Fair

799

/1000

Fair

BNP Paribas Fortis Vendor Cyber Rating & Cyber Score

bnpparibasfortis.be

Add Your Compliance Badge

For over 200 years, BNP Paribas Fortis has helped drive the growth and prosperity of Belgium’s economy and communities. The mission of our 12,000 colleagues is clear: be the trusted financial partner for four million individual customers, businesses and organisations. We do this by offering advice and solutions via the channels they prefer: digitally, by phone, via video call or in a bank or post office branch.

BPF A.I CyberSecurity Scoring

Scoring History

BPF

BNP Paribas Fortis CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

No data available

Loading…

A.I.

BPF Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for BPF

Incidents vs Banking Industry Avg (This Year)

No incidents recorded for BNP Paribas Fortis in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for BNP Paribas Fortis in 2026.

Incident Types BPF vs Banking Industry Avg (This Year)

No incidents recorded for BNP Paribas Fortis in 2026.

Incident History - BPF (X = Date, Y = Severity)

Loading…

SUBSIDIARY

BNP Paribas Fortis Subsidiaries

BPF

Banking

Website: http://www.bnpparibasfortis.be

Company Size: 10,001+ employees

BNP Paribas Fortis Private Banking & Wealth ManagementFinancial Services

BNP ParibasBanking

BNP Paribas Cash Management & Trade SolutionsFinancial Services

BNP Paribas CIBFinancial Services

BNL BNP ParibasBanking

BNP Paribas Asset ManagementFinancial Services

TEBBanking

BNP Paribas Real EstateReal Estate

BNP Paribas Personal FinanceBanking

BMCI Groupe BNP ParibasBanking

BNP Paribas - Securities ServicesFinancial Services

BNP Paribas Leasing SolutionsBanking

BNP Paribas Wealth ManagementBanking

BGL BNP ParibasBanking

BNP Paribas FactoringFinancial Services

BNP Paribas in SwitzerlandBanking

B! UP AccelerateFinancial Services

BNP Paribas EntreprisesBanking

UBCIBanking

BNP Paribas Bank PolskaBanking

BNP Paribas AbilityBanking

Entre Pros avec BNP ParibasBanking

BivwAk!Banking

B! UP ExploreFinancial Services

BNP Paribas FoundationBanking

MonDemainBanking

B-School by BNP ParibasHigher Education

Hello bank! BelgiumBanking

Loading…

BNP Paribas Fortis Similar Companies

Yapı Kredi

yapikredi.com.tr

Yapı Kredi has been sustainably strengthening its market positioning in the sector since its establishment in 1944 through a customer-centric approach and focus on innovation. Yapı Kredi is the 3rd largest private bank in Turkey with total assets worth TL 411 billion as of the end of 2019. Constantly seeking to increase its contribution to the financing of the Turkish economy with its customer-centric approach, Yapı Kredi enlarged the volume of its total cash and non-cash loans by 4% in 2019 to TL 319 billion. Thus, Yapı Kredi maintained its position in 2nd place among private banks in this respect. The Bank serves its customers with its 846 branches covering all regions of Turkey and 16,631 employees. Yapı Kredi delivers its products and services via its advanced Alternative Delivery Channels (ADCs) that comprise 4,330 ATMs, innovative internet banking, leading mobile banking, 3 call centers and approximately 709 thousand POS terminals. 94% of the Bank’s transactions went through non-branch channels as at year-end 2019. Yapı Kredi is a fully integrated financial services group supported by its domestic and international subsidiaries. Yapı Kredi serves its customers through retail banking (comprising of individual banking, Small and Medium Size Enterprises (SME) banking and card payment systems, private banking and wealth management), as well as corporate and commercial banking. The Bank’s operations are supported by domestic subsidiaries in asset management, brokerage, leasing and factoring as well as international banking subsidiaries in the Netherlands, Malta and Azerbaijan. Yapı Kredi has a strong shareholding structure which ensures sustainable and profitable growth. 40.95% of the Bank’s shares are owned by Koç Financial Services, 9.02% of the shares are owned by Koç Holding A.Ş. The total direct and indirect shares of Koç Group amount to 49.99%. 20.00% of Bank’s shares are owned by UniCredit S.P.A. The remaining 30.03% is publicly traded on Borsa Istanbul

PKO Bank Polski

cb pkobp.pl

We are the largest bank in Poland and one of the largest financial institutions in the region. Our strength rests on three strong pillars: the retail, the corporate and the investment segment. Irrespective of the unique nature of each of those areas, what joins them is the undivided attention they pay to the needs of their customers and clients, and their pursuit of superlative quality in customer service. Consistent campaigning established the “PKO Bank Polski” brand as a virtual guarantee of the right banking partner choice, one that not only delivers the relevant products and services, but also provides capable support in financial and business decisions. The professionalism and the experience of our advisers help them meet their customers’ expectations and to offer them the best available solutions. Though traditionally dedicated to retail customers, over the years PKO Bank Polski has also become a corporate finance leader of the Polish market. As at the end of 2012, the number our corporate clients exceeded 12,000. For years now, our corporate banking segment has participated in projects of major importance for the entire Polish economy. We have financed major investment projects, engaged in restructuring and recovery processes and have supported regional development through solutions dedicated to local government units. In 2012 we continued in activity that perpetuated our image of a true partner of the Polish enterprise and local government sectors, which we gained during the first wave of the financial crisis. At the heart of our corporate offer is our ability to engineer comprehensive solutions out of the products of the Bank and its Group Companies (factoring, leasing) of relevance to the differing needs of the various size companies: from small entities in the early stages of development to the largest corporates.

Equitas Small Finance Bank

cb linktr.ee

Equitas Small Finance Bank is an active member of the communities where we live and work, and a strong philanthropic partner enabling individuals, families, businesses, and entire communities in their financial aspirations with seamless banking services. We take the responsibility to be good neighbours, and are committed to our legacy of giving back to our communities. We aim at changing the way banking is imagined delivered and experienced – with Fairness & Transparency being the key drivers.

PT. BANK NEGARA INDONESIA (Persero) Tbk.

bni.co.id

Since its establishment in 1946, BNI has been part of the dynamic of national development in Indonesia. Now BNI has grown and developed into a solid national bank with a sustainable financial performance. ‘Serving the Country, the Pride of the Nation”, BNI continues to increase its contribution for the progress of the nation and country, today and in the future. As of the end of 2025, BNI operated 1 (one) Head Office, 17 Regional Offices, 10 overseas Office Networks, and 1,834 Domestic Office Networks, comprising Branch Offices, Sub-Branch Offices, and Business Centers. Of the 10 Overseas Office Networks, 6 are licensed Overseas Branch Offices, 2 are Representative Offices, 1 is an Overseas Sub-Branch, and 1 is a remittance Branch Office, strategically located across 8 key countries (USA, UK, Japan, Singapore, South Korea, Hongkong, Netherlands, and Australia). BNI always strives to be the bank of choice by providing excellent service and value added solutions to all of its customers. BNI offers integrated financial services to its customers, supported by its subsidiaries: BNI Multi Finance, BNI Securities, BNI Life Insurance, BNI Remittance, BNI Asset Management, hiBank, and BNI Ventures

BMO U.S.

bmo.com

We’re a bank, but there’s more to it than that. We're a top ten bank in North America and have been serving our customers since 1817. BMO provides personal and commercial banking, global markets and investment banking services to 13 million customers and clients.  And with over 54,000 employees, we take caring for our people seriously. When you join BMO, it opens a world of opportunities. This is a team that's committed to helping you succeed – personally and professionally. Because at BMO, when you grow, we grow. You know your worth and so do we. That’s why we offer the right mix of learning programs, on-the-job experiences, and opportunities to build personal and professional connections – so you can build a meaningful career and thrive as a part of a winning culture.   Sound like your kind of place? Then we should be co-workers.

PT Bank Rakyat Indonesia (Persero) Tbk

bri.co.id

Bank Rakyat Indonesia (BRI) adalah salah satu bank milik pemerintah yang terbesar di Indonesia. BRI didirikan di Purwokerto, Jawa Tengah oleh Raden Bei Aria Wirjaatmadja pada 16 Desember 1895. BRI telah hadir lebih dari 129 tahun memberi pelayanan terbaik bagi seluruh lapisan masyarakat, BRI turut andil dalam upaya membangun negeri dan Memberi Makna Indonesia. Didukung oleh 8.200 lebih jaringan kantor, 686,128 jaringan e-channel, 1.064.219 Agen BRILink serta jaringan satelit BRIsat, membuat BRI terus berusaha menjadi yang pertama dalam mendukung perekonomian masyarakat. Melalui visi "The Most Trusted Lifetime Financial Partner for Sustainable Growth” menjadikan BRI fokus pada pengembangan SDM unggul, berkarakter kuat, dan ber-AKHLAK. Sebagai bentuk komitmen BRI dalam memberikan economic value bagi Negara, tahun 2024 BRI telah memberikan setoran Dividen terbesar diantara BUMN lainnya sebesar Rp. 25.1 Triliun. Kinerja BRI terus tumbuh dan berkelanjutan. Terbukti pada tahun 2024 BRI berhasil membukukan laba sebesar Rp60,64 Triliun dan menjadi Bank dengan laba terbesar di Indonesia. BRI tidak hanya tempat bekerja, tapi tempat kamu Belajar, Bertumbuh, dan Berkontribusi mengoptimalkan semua potensi terbaikmu untuk semua nasabah BRI. BRI dan Seluruh Insan BRILiaN, Siap Memberi Makna Indonesia.

BNP Paribas

bnpp.lk

BNP Paribas is a leading bank in Europe with an international reach. It has a presence in 64 countries, with more than 178,000 employees, including more than 144,000 in Europe. BNP Paribas holds leading positions in its three major operating divisions: ⚆ Commercial, Personal Banking & Services for all the Group’s retail banking networks and several specialised businesses, including BNP Paribas Personal Finance and Arval; ⚆ Investment & Protection Services for savings, investment and protection solutions; ⚆ Corporate & Institutional Banking, which is focused on corporate and institutional clients. The Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realise their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, the Group has four domestic markets (Belgium, France, Italy and Luxembourg) and BNP Paribas Personal Finance is the European leader in consumer lending. BNP Paribas is rolling out its integrated retail-banking model in Mediterranean countries, in Turkey, in Eastern Europe and a large network in the western part of the United States. In its Corporate & Institutional Banking and Investment & Protection Services activities, BNP Paribas also enjoys top positions in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. To learn more about our social media terms and Data Protection Notice: https://group.bnpparibas/en/data-protection

CIC

cic.fr

CIC is the fourth largest banking group in France, consisting of seven regional banks which operate across France through a network of 1,844 branches employing 24,000 staff. CIC's customer base includes 2.7 million retail clients. One in eleven self-employed professionals is a CIC group client and nearly one in three companies banks with CIC Group.

UBL - United Bank Limited

ubldigital.com

On 7 November 1959, UBL’s first branch at II Chundrigar Road in Karachi was inaugurated and with it launched a culture of service, innovation and financial excellence in Pakistan. A banking company incorporated in Pakistan and engaged in commercial banking and related services, UBL operates one of the largest branch networks in Pakistan, augmented by its industry leading digital banking services which have earned it local and international recognition. Aiming to being the undisputed leader in financial services for our customers as well as the most innovative and fastest growing bank in targeted businesses, UBL is dedicated to its customers, stakeholders, its diverse team and the communities it operates in. VIS Credit Rating Company ltd. (VIS) has reaffirmed the entity ratings of UBL at ‘AAA/A-1+’ (Triple A / A-One Plus). The Bank is listed in Pakistan, with its Global Depository Receipts (GDRs) on the list of the UK Listing Authority and London Stock Exchange Professional Securities Market. It is a subsidiary of Bestway (Holdings) Limited which is incorporated in the United Kingdom. About Bestway Group Bestway Group is a diversified multinational family-owned business and the largest overseas investor in Pakistan. Bestway Group was founded in 1976 by Sir Anwar Pervez OBE HPk, who remains Chairman. Serving over 12 million customers and employing over 28,000 individuals, the Group supports and serves communities through its operations across the UK, Pakistan and the Middle East. UBL is one of the 6 subsidiaries of the Bestway Group which also contains Bestway Wholesale, Well Pharmacy, Real Estate, Bestway Cement Limited and Bestway Foundation.

Loading…

NEWS

BNP Paribas Fortis CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

November 26, 2025 08:00 AM

Charlotte Conings to moderate session at “25 Years of Cyber Justice” event

On 27 November, Charlotte Conings will moderate the session “Balancing Privacy and Law Enforcement in the Digital Age” at the 25 Years of...

Read Article

October 15, 2025 07:00 AM

Investment fraud and how to avoid it

Learn to identify investment fraud with our tips. Don't be tempted by promises of easy money and high returns.

Read Article

June 26, 2025 07:00 AM

Cybersecurity: protect your company today

Xavier Reul: "The Brussels-Capital Region offers companies support for securing their IT systems, capped at €10,000. This accounts for 25 to 70%...

Read Article

June 22, 2025 07:00 AM

World Finance Banking Awards 2025

The global banking industry in the past year has operated within an environment of significant complexity. Economic headwinds, high interest...

Read Article

March 30, 2025 08:00 PM

BNP Paribas Fortis signs up Worldline for WL Contact system

BNP Paribas Fortis has signed a multi-year contract with payments firm Worldline which will see the latter provide its WL Contact system on a cloud-hosted...

Read Article

March 26, 2025 10:46 PM

Belgium’s BNP Paribas Fortis unleashes bank account aggregator

Belgium-based BNP Paribas Fortis, a subsidiary of BNP Paribas, has launched the multi-banking version of its Easy Banking App for iPhone and Android...

Read Article

January 29, 2025 08:00 AM

Flemish government secures free access to Itsme digital ID app

Flemish government agencies, local authorities and schools will no longer have to pay extra to use the Itsme digital identification app.

Read Article

October 10, 2024 07:00 AM

Aikido Security, Cluepoints and Sofico all winners in the Private Equity Awards 2024

For growing companies, venture capital and private equity investors are playing a more important role than ever.

Read Article

April 10, 2023 07:00 AM

The bank in the digital age: spot and avoid phishing

Discover tips to protect yourself against phishing, what you can do against it and how to prevent a phishing attack.

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-53430

SUMMARY

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.ex and program routines 'Elixir.GRPC.Compressor.Gzip':decompress/1, 'Elixir.GRPC.Message':from_data/2. 'Elixir.GRPC.Compressor.Gzip':decompress/1 calls :zlib.gunzip/1 directly on attacker-controlled bytes with no decompressed-size limit, ratio check, or incremental decoding. Because this module is the registered gzip GRPC.Compressor implementation, it is invoked automatically whenever an incoming gRPC frame carries the grpc-encoding: gzip header. :zlib.gunzip/1 allocates the entire decompressed result as a single binary, so a small highly compressible payload (for example a few kilobytes of zeros, which gzip compresses at roughly 1000:1) expands to multiple gigabytes inside a single call. The max_receive_message_length limit is enforced only against the already-decompressed message, so it provides no protection. An unauthenticated remote peer can send a single crafted frame to exhaust the BEAM node's heap and trigger an out-of-memory kill. This issue affects grpc: from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48854

SUMMARY

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':read_full_body/3 (lib/grpc/server/adapters/cowboy/handler.ex) accumulates every received chunk into a single growing binary with no size cap. Additionally, when the client omits the grpc-timeout header, the per-chunk read timeout resolves to :infinity, allowing a slow-trickle client to keep the connection alive indefinitely while memory grows. A single connection is sufficient to exhaust server memory and crash the node. This issue affects grpc from 0.3.1 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48853

SUMMARY

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code execution on the server. 'Elixir.GRPC.Codec.Erlpack':decode/2 (lib/grpc/codec/erlpack.ex) calls :erlang.binary_to_term/1 on the raw gRPC message body without the :safe option, no size bound, and no type guard. Any unauthenticated peer that sends a request with Content-Type: application/grpc+erlpack can send a crafted payload that mints arbitrary new atoms (which are never garbage-collected, exhausting the bounded atom table and crashing the VM) or that encodes a fun term which, if applied anywhere downstream, executes attacker-controlled code inside the server process. This issue affects grpc from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 9.2

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48723

SUMMARY

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile() function constructs a shell command by interpolating the user-controlled cypress_config_filepath value into a template literal, then executes it via child_process.execSync(). Shell metacharacters in the config path (specifically " and ;) allow breaking out of the quoted argument and injecting arbitrary commands. This issue has been fixed in version 1.36.6.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: 7.8)

cvss3

Base Score: 7.8

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score

5.9

Exploitability

1.8

REFERENCES

CVE-2026-48599

SUMMARY

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In 'Elixir.GRPC.Server.Transcode':map_request/5 (lib/grpc/server/transcode.ex), all three clauses use Map.merge/2 with path bindings as the first argument, giving them the lowest merge precedence. A request such as GET /users/me/profile?user_id=victim (or a POST with {"user_id": "victim"} when body: "*") yields a decoded protobuf struct where the path-bound field carries the attacker-supplied value rather than the router-extracted value. Any handler that uses the path-bound field for authorization, multi-tenancy scoping, or ownership checks is silently bypassed. This issue affects grpc from 0.8.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 7.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…