What is the official website of Ford Pro UK ?

The official website of Ford Pro UK is https://www.ford.co.uk/commercial-vehicles/discover/innovation/about-fordpro.

What is Ford Pro UK's cybersecurity risk score?

Ford Pro UK has an AI-generated cybersecurity risk score of 749 out of 1000, indicating a Moderate security posture according to Rankiteo's assessment.

How many security incidents has Ford Pro UK experienced?

According to Rankiteo, Ford Pro UK currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Ford Pro UK been affected by any supply chain cyber incidents ?

According to Rankiteo, Ford Pro UK has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Ford Pro UK have SOC 2 Type 1 certification ?

According to Rankiteo, Ford Pro UK is not certified under SOC 2 Type 1.

Does Ford Pro UK have SOC 2 Type 2 certification ?

According to Rankiteo, Ford Pro UK does not hold a SOC 2 Type 2 certification.

Does Ford Pro UK comply with GDPR ?

According to Rankiteo, Ford Pro UK is not listed as GDPR compliant.

Does Ford Pro UK have PCI DSS certification ?

According to Rankiteo, Ford Pro UK does not currently maintain PCI DSS compliance.

Does Ford Pro UK comply with HIPAA ?

According to Rankiteo, Ford Pro UK is not compliant with HIPAA regulations.

Does Ford Pro UK have ISO 27001 certification ?

According to Rankiteo,Ford Pro UK is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does Ford Pro UK operate in ?

Ford Pro UK operates primarily in the Motor Vehicle Manufacturing industry.

How many employees does Ford Pro UK have ?

Ford Pro UK employs approximately None employees people worldwide.

Does Ford Pro UK own any subsidiaries ?

Ford Pro UK presently has no subsidiaries across any sectors.

How many LinkedIn followers does Ford Pro UK have ?

Ford Pro UK's official LinkedIn profile has approximately 5,876 followers.

What is the NAICS classification code for Ford Pro UK ?

Ford Pro UK is classified under the NAICS code 3361, which corresponds to Motor Vehicle Manufacturing.

Does Ford Pro UK have a Crunchbase profile ?

No, Ford Pro UK does not have a profile on Crunchbase.

Does Ford Pro UK have a LinkedIn profile ?

Yes, Ford Pro UK maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/ford-pro-uk.

How many cybersecurity incidents has Ford Pro UK experienced ?

As of June 16, 2026, Rankiteo reports that Ford Pro UK has experienced 1 cybersecurity incidents.

How many peer or competitor companies does Ford Pro UK have ?

Ford Pro UK has an estimated 12,970 peer or competitor companies worldwide.

What types of cybersecurity incidents has Ford Pro UK faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

FPU

Boost Score +25 with badge (5 left)

749

/1000

Moderate

774

/1000

Fair

Ford Pro UK Vendor Cyber Rating & Cyber Score

ford.co.uk

Add Your Compliance Badge

Ford Pro™ puts everything you need in one place. Our mission is simple: we’re here to make running your commercial vehicles as easy and hassle-free as possible. We can provide you with a complete, end-to-end commercial fleet solution and you have the flexibility to pick the elements of Ford Pro you need – from finding you the right vehicles, to a host of intelligent fleet management software, vehicle maintenance, and financing services. All seamlessly connected. All helping to increase vehicle uptime and maximise productivity for your business. At its heart Ford Pro™ is a one-stop-shop. Behind the scenes, multiple facets are working together to drive everything. Ford Pro™ Intelligence™ is a suite of software applications, unlocking data

FPU A.I CyberSecurity Scoring

Scoring History

FPU

Ford Pro UK CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

Ford Pro UK

Vulnerability

6/2020

FOR412071725

Loading…

A.I.

FPU Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for FPU

Incidents vs Motor Vehicle Manufacturing Industry Avg (This Year)

No incidents recorded for Ford Pro UK in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Ford Pro UK in 2026.

Incident Types FPU vs Motor Vehicle Manufacturing Industry Avg (This Year)

No incidents recorded for Ford Pro UK in 2026.

Incident History - FPU (X = Date, Y = Severity)

Loading…

SUBSIDIARY

Ford Pro UK Subsidiaries

FPU

Motor Vehicle Manufacturing

Website: https://www.ford.co.uk/commercial-vehicles/discover/innovation/about-fordpro

Company Size: None employees

Ford Motor CompanyMotor Vehicle Manufacturing

Ford Business Solutions HungaryMotor Vehicle Manufacturing

Ford MéxicoMotor Vehicle Manufacturing

Ford Pro MéxicoMotor Vehicle Manufacturing

Ford ArgentinaMotor Vehicle Manufacturing

Ford Middle EastMotor Vehicle Manufacturing

Ford Business SolutionsMotor Vehicle Manufacturing

Ford BrasilMotor Vehicle Manufacturing

Ford Pro BrasilMotor Vehicle Manufacturing

Ford CreditFinancial Services

Ford ChinaMotor Vehicle Manufacturing

Ford RacingMotor Vehicle Manufacturing

Ford AustraliaMotor Vehicle Manufacturing

Ford Means BusinessMotor Vehicle Manufacturing

Ford UKMotor Vehicle Manufacturing

Ford SverigeMotor Vehicle Manufacturing

Ford AustriaMotor Vehicle Manufacturing

Ford SwitzerlandMotor Vehicle Manufacturing

Ford Motor ΕλλάςMotor Vehicle Manufacturing

Ford PolskaProdukcja części do pojazdów silnikowych

Ford FranceMotor Vehicle Manufacturing

Ford DanmarkMotor Vehicle Manufacturing

Ford Belgium and LuxembourgMotor Vehicle Manufacturing

Ford DeutschlandMotor Vehicle Manufacturing

Ford PortugalAutomotive

Ford IrelandMotor Vehicle Manufacturing

Lincoln Motor CompanyMotor Vehicle Manufacturing

Ford FinlandMotor Vehicle Manufacturing

Ford ItaliaMotor Vehicle Manufacturing

Ford NederlandProductie motorvoertuigen

Ford PerformanceMotor Vehicle Manufacturing

Ford Motor Norge ASProduksjon av motorvogner

Ford RomaniaFabricația de autovehicule

Ford Business Solutions - IndiaTechnology, Information and Internet

Ford Pro ItaliaMotor Vehicle Manufacturing

Ford ProMotor Vehicle Manufacturing

Loading…

Ford Pro UK Similar Companies

Honda Cars India Ltd

hondacarindia.com

Honda Cars India Ltd. (HCIL), a leading manufacturer of premium cars in India, was established in December 1995 with a commitment to provide Honda’s passenger car models and technologies, to the Indian customers. HCIL’s corporate office is based in Greater Noida, UP and its state-of-the-art manufacturing facility is located at Tapukara, District. Alwar, Rajasthan. Honda’s models are strongly associated with advanced design and technology, apart from their established qualities of durability, reliability, safety, and fuel-efficiency. The company has a strong sales and distribution network spread across the country. Besides the new car business, Honda offers one stop solution for buying and selling pre-owned cars through its business function Honda Auto Terrace. The Honda Certified Pre-owned cars come with an assurance of quality and peace of mind that caters to the diverse and burgeoning needs of pre-owned car buyers across the country.

Bridgestone Americas

cb bridgestoneamericas.com

Bridgestone Americas, Inc. (BSAM), headquartered in Nashville, Tennessee, and Bridgestone Europe, Middle East and Africa (BSEMEA), headquartered in Brussels, Belgium, operate collectively as a “Bridgestone West” strategic region. This region services the strategic business needs of teams across the Americas, Europe, Middle East and Africa. BSAM and BSEMEA are subsidiaries of Bridgestone Corporation, globally headquartered in Japan. Bridgestone and its subsidiaries develop, manufactures and markets a diverse portfolio of original equipment and replacement tires, tire-centric solutions, mobility solutions and other rubber-associated and diversified products that deliver social and customer value. These best-in-class offerings are sold to consumers and fleet customers around the world under the trusted Bridgestone and Firestone brand names. With more than 50 production facilities and 55,000 employees, the Bridgestone Americas (BSAM) enterprise spans from Canada to Argentina. Business units of Bridgestone Americas include Bridgestone Retail Operations, the world’s largest network of company-owned retail tire and automotive service centers; Bandag, a leader in commercial tire retreading worldwide and Firestone Industrial Products, a leading provider of technologically advanced air springs for commercial and passenger vehicle applications. At Bridgestone, you are Free to Be We believe people can only provide superior service and quality to others when they bring their whole self to work. We believe in championing all perspectives, individuals and teams because we understand the importance of seeing the world and our business through many different lenses. We are building a team as diverse as the world we serve. So, show us what you are made of, because who you are is what we need. To view our terms of use, visit https://www.bridgestoneamericas.com/en/terms-of-use.

Michelin

michelin.com

Michelin is a world-leading manufacturer of life-changing composites and experiences. Pioneering materials science over more than 130 years, Michelin is uniquely positioned to make decisive contributions to human progress and a more sustainable world. Drawing on technological leadership in polymer composites, Michelin is constantly innovating to manufacture high-quality tires and components for critical applications in demanding fields as varied as mobility, construction, aeronautics, low-carbon energies, and healthcare. The care we put into our products and our intimate knowledge of consumer habits enable Michelin to offer its customers exceptional experiences, whether in terms of connected solutions and artificial intelligence for professional fleets, or for discovering the outstanding restaurants and hotels that the MICHELIN Guide recommends.

PACCAR

paccar.com

PACCAR is a global technology leader in the design, manufacture and customer support of premium light-, medium- and heavy-duty trucks under the Kenworth, Peterbilt and DAF nameplates. PACCAR also designs and manufactures advanced diesel engines, provides financial services, information technology, and distributes truck parts related to its principal business. Kenworth Truck Company builds premium commercial vehicles for sale in the U.S., Canada, Mexico and Australia and for export throughout the world. Peterbilt Motors also designs, manufactures and distributes premium commercial vehicles in the US and Canada. DAF Trucks manufactures trucks in the Netherlands, Belgium, Brasil and the United Kingdom for sale throughout Western and Eastern Europe, and export to Asia, Africa, North and South America. PACCAR Parts operates a network of parts distribution centers offering aftermarket support to Kenworth, Peterbilt and DAF dealers and customers around the world. Aftermarket support includes customer call centers operating 24 hours a day throughout the year and technologically advanced systems to enhance inventory control and expedite order processing. PACCAR Financial Services provides finance, lease and insurance services to dealers and customers in more than 100 countries including a portfolio of more than 175,000 trucks and trailers and total assets in excess of $12 billion. The group includes PACCAR Leasing, a major full-service truck leasing company in North America, with a fleet of over 39,000 vehicles. Environmental responsibility is one of PACCAR’s core values. The company regularly develops new programs to help protect and preserve the environment and PACCAR has established ambitious goals to further reduce emissions and enhance fuel efficiency in its truck models.

American Honda Motor Company, Inc.

honda.com

We are Honda. A company built on dreams and the determination to make them come true. Driven by our commitment to society and the planet, our work brings joy to our customers and enhances mobility, as we work to help people everywhere expand their life’s potential. Our products, from cars and trucks, to advanced light jets and other forms of mobility, reflect our belief that the purpose of technology is to help people. Together, we are building an inclusive culture where people feel seen and celebrated. Where associates from a variety of backgrounds can apply their unique ideas and experiences to help us create a cleaner, safer, more exciting mobile world. You’re invited to join Honda on this journey. Your individual skills, passion, persistence, innovative mindset and challenging spirit are needed to help Honda Bring the Future. Bring the Future at honda.com/careers

Hero MotoCorp

heromotocorp.com

Hero MotoCorp, the world’s largest two-wheeler company, is shaping the future of mobility for over 125 million riders across 48 countries. Our story began in 1984, founded by the visionary Chairman Emeritus, Dr. Brijmohan Lall Munjal, with a bold vision: to make mobility accessible and aspirational for millions. Under the dynamic leadership of Executive Chairman, Dr. Pawan Munjal, we have grown into a global force in innovation, sustainability, and purpose-driven growth. Driven by our vision to ‘Be the Future of Mobility,’ we are innovating for tomorrow with our emerging mobility brand, VIDA, and groundbreaking innovations like the Surge S32, recognized as one of TIME's Best Inventions of 2024. With world-class R&D hubs in India and Germany, and advanced green manufacturing across three countries, we’re building more than machines. We’re building momentum for the planet. From icons like Splendor and Karizma to our premium collaboration with Harley-Davidson, we deliver performance with purpose. Our commitment to sustainability runs deep - we've achieved zero waste-to-landfill and 455% water positivity, and our DJSI (Dow Jones Sustainability Index) recognition reflects our dedication to doing business the right way. Recognized by TIME as the World’s Best Organizations (2024) and Asia Pacific’s Best Companies (2025), we are an organization driven by values and powered by people. Hero MotoCorp is more than a workplace; it’s a launchpad for your boldest ambitions. Join us. Create. Collaborate. Inspire. Come, be the future of mobility.

Mahindra and Mahindra Limited [Automotive and Farm Equipment Business]

mahindracareers.com

A USD 19.4 billion multinational group based in Mumbai, India, Mahindra provides employment opportunities to over 256,000 people across 100 countries. Mahindra operates in the key industries that drive economic growth, enjoying a leadership position in tractors, utility vehicles, information technology, financial services and vacation ownership. In addition, Mahindra enjoys a strong presence in the agribusiness, aerospace, components, consulting services, defence, energy, industrial equipment, logistics, real estate, retail, steel, commercial vehicles and two wheeler industries. The Automotive and Farm Equipment Business is the largest contributor of the Mahindra Group’s revenue. With 30,000+ full time employees spread across 20 locations, Mahindra has a strong presence in India. Further it propels an entire manufacturing ecosystem of 1,200 suppliers and 3,500 dealers, thereby creating direct and indirect employment for over 200,000 individuals. Our Farm Equipment business is the number 1 tractor company in the world by volume. In addition to our focus on maintaining a leading position in the core tractor mechanization business, we strive to deliver on our aspiration of “Farm Tech Prosperity” thus enabling our customers and our communities to RISE. Our Automotive business is a full-range mobility player with a presence in almost every segment of the automobile industry. Our product portfolio ranges from world class SUVs, premium luxury UVs, sedans, pick-ups, light, medium and heavy commercial vehicles to three-wheelers. All these cater to a diverse customer base spanning across rural and semi-urban customers. Leveraging our growing dominance, domestic & international market penetration and recent strategic acquisitions, we aim to provide world class exeperience to our customers and team members.

Magna International

magna.com

We see a future where everyone can live and move without limitations. That’s why we are developing technologies, systems and concepts that make vehicles safer and cleaner, while serving our communities, the planet and, above all, people. Forward. For all. Our common shares trade on the Toronto Stock Exchange (MG) and the New York Stock Exchange (MGA). For further information about Magna, visit www.magna.com.

AUDI AG

cb audi.com

#WeAreProgress ++ Progress is in our DNA. It’s not just in our cars, but also in us. The focus at Audi is on us – the people – and we are shaping the future of mobility together. With our inner drive. With the aim to continuously improve. With our mindset, courage and confidence. Because progress develops in the mind – and in the heart! Learn more about how we are progress: https://lnkd.in/dKyUjig Impressum: https://www.audi.com/en/legal.html Legal notice: https://www.audi.com/en/legal-notice.html Privacy Policy for Recruiting activities: Datenschutzhinweis (DE): https://karriere.audi.de/sap/bc/bsp/sap/z_hcmx_ui_ext/commons/resources/downloads/Datenschutzhinweis.pdf Data protection note (EN): https://karriere.audi.de/sap/bc/bsp/sap/z_hcmx_ui_ext/commons/resources/downloads/PrivacyPolicy.pdf Community Management: Audi Interaction GmbH (https://www.audiinteraction.com/)

Loading…

NEWS

Ford Pro UK CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

November 10, 2025 08:00 AM

Article | Senate shutdown deal includes language to renew two key cyber laws

The Senate version of legislation to reopen the federal government includes language to temporarily reinstate two key cyber laws that...

Read Article

October 09, 2025 07:00 AM

Article | Peters to introduce bill reviving key cyber info-sharing law with retroactive safeguards

Senate Homeland Security ranking member Gary Peters (D-Mich.) plans to introduce a new bill to reauthorize a foundational cybersecurity...

Read Article

October 02, 2025 07:00 AM

Article | Government flying partially blind to threats after key cyber law expires

A key law that helps the federal government guard against cyber threats to U.S. critical systems expired as the government shut down...

Read Article

September 19, 2025 07:00 AM

E&E News: Audit finds Interior computers vulnerable to hacking

GREENWIRE | The Interior Department remains vulnerable to cybersecurity threats and has lagged in efforts to shore up its information...

Read Article

September 09, 2025 08:13 PM

National cyber director announces upcoming national cybersecurity strategy

Read Article

September 09, 2025 07:00 AM

Article | Industry ‘very concerned’ about potential lapse in federal cyber threat sharing law

Cybersecurity organizations are worried about a potential lapse in a foundational cyber threat sharing law set to expire at the end of the...

Read Article

September 03, 2025 07:00 AM

Article | House panel approves key bills on state and local cybersecurity, cyber threat info sharing

The House Homeland Security Committee almost unanimously voted in favor of reauthorization efforts for two key cyber policy bills that would...

Read Article

July 17, 2025 07:00 AM

Article | CISA director nominee Sean Plankey to appear before Senate panel next week

Sean Plankey, President Donald Trump's nominee to serve as director of the Cybersecurity and Infrastructure Security Agency,...

Read Article

June 23, 2025 07:00 AM

Article | Cybersecurity groups track surge in Iranian-linked threats to US orgs

Multiple leading cybersecurity firms on Monday reported surges in threats to US organizations linked to Iranian hackers after the US struck Iranian nuclear...

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-53430

SUMMARY

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.ex and program routines 'Elixir.GRPC.Compressor.Gzip':decompress/1, 'Elixir.GRPC.Message':from_data/2. 'Elixir.GRPC.Compressor.Gzip':decompress/1 calls :zlib.gunzip/1 directly on attacker-controlled bytes with no decompressed-size limit, ratio check, or incremental decoding. Because this module is the registered gzip GRPC.Compressor implementation, it is invoked automatically whenever an incoming gRPC frame carries the grpc-encoding: gzip header. :zlib.gunzip/1 allocates the entire decompressed result as a single binary, so a small highly compressible payload (for example a few kilobytes of zeros, which gzip compresses at roughly 1000:1) expands to multiple gigabytes inside a single call. The max_receive_message_length limit is enforced only against the already-decompressed message, so it provides no protection. An unauthenticated remote peer can send a single crafted frame to exhaust the BEAM node's heap and trigger an out-of-memory kill. This issue affects grpc: from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48854

SUMMARY

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':read_full_body/3 (lib/grpc/server/adapters/cowboy/handler.ex) accumulates every received chunk into a single growing binary with no size cap. Additionally, when the client omits the grpc-timeout header, the per-chunk read timeout resolves to :infinity, allowing a slow-trickle client to keep the connection alive indefinitely while memory grows. A single connection is sufficient to exhaust server memory and crash the node. This issue affects grpc from 0.3.1 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48853

SUMMARY

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code execution on the server. 'Elixir.GRPC.Codec.Erlpack':decode/2 (lib/grpc/codec/erlpack.ex) calls :erlang.binary_to_term/1 on the raw gRPC message body without the :safe option, no size bound, and no type guard. Any unauthenticated peer that sends a request with Content-Type: application/grpc+erlpack can send a crafted payload that mints arbitrary new atoms (which are never garbage-collected, exhausting the bounded atom table and crashing the VM) or that encodes a fun term which, if applied anywhere downstream, executes attacker-controlled code inside the server process. This issue affects grpc from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 9.2

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48723

SUMMARY

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile() function constructs a shell command by interpolating the user-controlled cypress_config_filepath value into a template literal, then executes it via child_process.execSync(). Shell metacharacters in the config path (specifically " and ;) allow breaking out of the quoted argument and injecting arbitrary commands. This issue has been fixed in version 1.36.6.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: 7.8)

cvss3

Base Score: 7.8

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score

5.9

Exploitability

1.8

REFERENCES

CVE-2026-48599

SUMMARY

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In 'Elixir.GRPC.Server.Transcode':map_request/5 (lib/grpc/server/transcode.ex), all three clauses use Map.merge/2 with path bindings as the first argument, giving them the lowest merge precedence. A request such as GET /users/me/profile?user_id=victim (or a POST with {"user_id": "victim"} when body: "*") yields a decoded protobuf struct where the path-bound field carries the attacker-supplied value rather than the router-extracted value. Any handler that uses the path-bound field for authorization, multi-tenancy scoping, or ownership checks is silently bypassed. This issue affects grpc from 0.8.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 7.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…