What is the official website of Hong Kong Exchanges and Clearing Limited (HKEX) ?

The official website of Hong Kong Exchanges and Clearing Limited (HKEX) is http://www.hkex.com.hk.

What is Hong Kong Exchanges and Clearing Limited (HKEX)'s cybersecurity risk score?

Hong Kong Exchanges and Clearing Limited (HKEX) has an AI-generated cybersecurity risk score of 817 out of 1000, indicating a Good security posture according to Rankiteo's assessment.

How many security incidents has Hong Kong Exchanges and Clearing Limited (HKEX) experienced?

According to Rankiteo, Hong Kong Exchanges and Clearing Limited (HKEX) currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Hong Kong Exchanges and Clearing Limited (HKEX) been affected by any supply chain cyber incidents ?

According to Rankiteo, Hong Kong Exchanges and Clearing Limited (HKEX) has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Hong Kong Exchanges and Clearing Limited (HKEX) have SOC 2 Type 1 certification ?

According to Rankiteo, Hong Kong Exchanges and Clearing Limited (HKEX) is not certified under SOC 2 Type 1.

Does Hong Kong Exchanges and Clearing Limited (HKEX) have SOC 2 Type 2 certification ?

According to Rankiteo, Hong Kong Exchanges and Clearing Limited (HKEX) does not hold a SOC 2 Type 2 certification.

Does Hong Kong Exchanges and Clearing Limited (HKEX) comply with GDPR ?

According to Rankiteo, Hong Kong Exchanges and Clearing Limited (HKEX) is not listed as GDPR compliant.

Does Hong Kong Exchanges and Clearing Limited (HKEX) have PCI DSS certification ?

According to Rankiteo, Hong Kong Exchanges and Clearing Limited (HKEX) does not currently maintain PCI DSS compliance.

Does Hong Kong Exchanges and Clearing Limited (HKEX) comply with HIPAA ?

According to Rankiteo, Hong Kong Exchanges and Clearing Limited (HKEX) is not compliant with HIPAA regulations.

Does Hong Kong Exchanges and Clearing Limited (HKEX) have ISO 27001 certification ?

According to Rankiteo,Hong Kong Exchanges and Clearing Limited (HKEX) is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does Hong Kong Exchanges and Clearing Limited (HKEX) operate in ?

Hong Kong Exchanges and Clearing Limited (HKEX) operates primarily in the Financial Services industry.

How many employees does Hong Kong Exchanges and Clearing Limited (HKEX) have ?

Hong Kong Exchanges and Clearing Limited (HKEX) employs approximately 1,943 people worldwide.

Does Hong Kong Exchanges and Clearing Limited (HKEX) own any subsidiaries ?

Hong Kong Exchanges and Clearing Limited (HKEX) presently has no subsidiaries across any sectors.

How many LinkedIn followers does Hong Kong Exchanges and Clearing Limited (HKEX) have ?

Hong Kong Exchanges and Clearing Limited (HKEX)'s official LinkedIn profile has approximately 107,991 followers.

What is the NAICS classification code for Hong Kong Exchanges and Clearing Limited (HKEX) ?

Hong Kong Exchanges and Clearing Limited (HKEX) is classified under the NAICS code 52, which corresponds to Finance and Insurance.

Does Hong Kong Exchanges and Clearing Limited (HKEX) have a Crunchbase profile ?

No, Hong Kong Exchanges and Clearing Limited (HKEX) does not have a profile on Crunchbase.

Does Hong Kong Exchanges and Clearing Limited (HKEX) have a LinkedIn profile ?

Yes, Hong Kong Exchanges and Clearing Limited (HKEX) maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/hkex.

How many cybersecurity incidents has Hong Kong Exchanges and Clearing Limited (HKEX) experienced ?

As of June 16, 2026, Rankiteo reports that Hong Kong Exchanges and Clearing Limited (HKEX) has experienced 1 cybersecurity incidents.

How many peer or competitor companies does Hong Kong Exchanges and Clearing Limited (HKEX) have ?

Hong Kong Exchanges and Clearing Limited (HKEX) has an estimated 32,101 peer or competitor companies worldwide.

What types of cybersecurity incidents has Hong Kong Exchanges and Clearing Limited (HKEX) faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

HKECL

Boost Score +25 with badge (5 left)

817

/1000

Good

842

/1000

Good

Hong Kong Exchanges and Clearing Limited (HKEX) Vendor Cyber Rating & Cyber Score

hkex.com.hk

Add Your Compliance Badge

HKEX Group is a global exchange group, operating dynamic and integrated financial markets in Asia and Europe. From our home in the financial hub of Hong Kong and an additional base in London, we provide world-class facilities for trading and clearing securities and derivatives in Equities, Commodities, Fixed Income and Currency. Uniquely positioned at the intersection of Chinese and international capital flows, Hong Kong has long been Connecting China with the World. With the accelerated opening-up of China’s capital markets, HKEX continues to be at the forefront of this historic transition, which we believe will Shape the Global Market Landscape.

HKECL A.I CyberSecurity Scoring

Scoring History

HKECL

Hong Kong Exchanges and Clearing Limited (HKEX) CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

Hong Kong Exchanges...

Cyber Attack

6/2011

HON22310423

Loading…

A.I.

HKECL Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for HKECL

Incidents vs Financial Services Industry Avg (This Year)

No incidents recorded for Hong Kong Exchanges and Clearing Limited (HKEX) in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Hong Kong Exchanges and Clearing Limited (HKEX) in 2026.

Incident Types HKECL vs Financial Services Industry Avg (This Year)

No incidents recorded for Hong Kong Exchanges and Clearing Limited (HKEX) in 2026.

Incident History - HKECL (X = Date, Y = Severity)

Loading…

SUBSIDIARY

Hong Kong Exchanges and Clearing Limited (HKEX) Subsidiaries

HKECL

Financial Services

Website: http://www.hkex.com.hk

Company Size: 1,001-5,000 employees

HKEX Foundation 香港交易所慈善基金Philanthropic Fundraising Services

Loading…

Hong Kong Exchanges and Clearing Limited (HKEX) Similar Companies

M&T Bank

mtb.com

Great companies have an enduring sense of purpose. At M&T, our purpose is a simple one: make a difference in people’s lives and uplift the communities we serve. Founded in 1856 in Buffalo, NY we are now a top 11 full-service US-based commercial bank with a retail footprint across the east coast and wealth services available nationwide and abroad. As a bank, we offer advice, guidance, expertise, and solutions across the entire financial spectrum that combines M&T’s traditional banking services with the wealth management and institutional capabilities offered by Wilmington Trust. We are a community-minded organization with more than 167 years of experience. We serve customers, community, and colleagues whether they be across the street, across the state or across the country. As an employer of choice, we are proud to offer competitive benefits ranging from medical and retirement to forty hours of paid volunteer time, each year. Our core values drive the work we do – integrity, ownership, collaboration, curiosity, candor and we seek to further build upon our record of success by bringing in top talent and fresh skill sets while continuing to support the growth and development of all our team members. M&T Bank is unwavering when it comes to providing equal employment opportunities to all employees and applicants without regard to race, color, national origin, religion, ethnicity, sex, gender identity, age, disability, citizenship, pregnancy, veteran status, military status, marital status, sexual orientation, genetic information or any other characteristic protected under applicable federal, state or local laws.

Marsh McLennan

marsh.com

Marsh (NYSE: MRSH) is a global leader in risk, strategy and people, advising clients in 130 countries across four businesses: Marsh Risk, Guy Carpenter, Mercer and Oliver Wyman. With annual revenue over $24 billion and more than 90,000 colleagues, Marsh helps build the confidence to thrive through the power of perspective

Societe Generale Corporate and Investment Banking - SGCIB

societegenerale.com

We support you over time, during expansion phases and their more challenging periods alike. By providing a full range of solutions suited to your needs, we play a facilitating role to help you realise your ambitions and leverage your potential. This is why we intend to develop an authentic advisory relationship for all of your financial issues, specifically risk anticipation and management. Our model is based on both bankers who have a very detailed knowledge of their clients and the sectors in which they are active, as well as a broad cross-asset view of the bank’s various products and experts who bring sophisticated technical skill to their work. This client coverage model, though not in itself unique to Societe Generale, finds a better home there because of the bank’s ability to pool expertise in order to provide bespoke solutions to your needs. As a key pillar of the Societe Generale Group’s universal banking model, SG CIB supports the economy by playing a key intermediary role, offering broad market access to issuers and smart investment solutions to investors. The service we bring to our corporate and financial institutions clients revolves around three main activities - investment banking, financing and markets - and our global franchises of equity derivatives and natural resources. For our clients we stand out because we are a trusted advisor with a worldwide leading engineering expertise and a quality product suite.

Sicredi

sicredi.com.br

We are born collaborative We believe that change is only possible when everyone works together for the same purpose, after all, cooperativism is in our DNA. Besides this, we know that as important as it is to provide affordable financial solutions it is just as important to value growing together, quality of life and the social and economic development of everyone who makes this happen. Therefore, we are committed to our employees, our associates and the regions in which we operate. Together we make a difference We were fortunate to be recognized as one of the best companies in Brazil to work for. This recognition is a reflection of all the collective effort put into creating and maintaining a safe and welcoming work environment. Here numbers are not the most important thing, what really matters is that we are made up of people for people. We have opportunities for professionals from different areas and we recognize that working together makes a difference in our lives. Be part of this history, be Sicredi!

OTP Group

otpgroup.info

OTP Group is one of the fastest growing, leading independent banking groups in Central and Eastern Europe with a bridgehead in Central Asia. It operates in 11 countries - 10 in CEE region and 1 in Uzbekistan, employing nearly 40,000 people and providing universal financial services to 17 million customers. OTP Group has an outstanding profitability and a stable capital and liquidity position. The Group stands on the top spot on The Banker’s Magazine Top 100 CEE Banks 2024 ranked by Tier 1 capital and is the 4th most stress-resilient banking group in Europe, according to the CET1 rate decrease under three years stress scenario based on the European Banking Authority’s European banking stress test 2023. S&P Global Market Intelligence published the ranking of the best performing banks in Europe and for the first time among 50 largest European banks OTP Group was a top performer in 2023. As the most active consolidator in the banking sector of the CEE region, the Group has successfully acquired and integrated 25 banks since the early 2000s. Headquartered in Hungary, OTP Group has a very diversified and transparent ownership structure, without strategic investors and any state ownership. It has been listed on the Budapest Stock Exchange since 1995. With unique knowledge of the region and a lasting commitment to it, OTP Group is working towards helping the development of the region to become the continent’s growth engine. Linkedin Policy: https://www.otpbank.hu/static/portal/sw/file/otp-linkedin-policy.pdf

Block

block.xyz

Block is one company built from many blocks, all united by the same purpose of economic empowerment. The blocks that form our foundational teams — People, Finance, Counsel, Hardware, Information Security, Platform Infrastructure Engineering, and more — provide support and guidance at the corporate level. They work across business groups and around the globe, spanning time zones and disciplines to develop inclusive People policies, forecast finances, give legal counsel, safeguard systems, nurture new initiatives, and more. Every challenge creates possibilities, and we need different perspectives to see them all. Bring yours to Block.

Grupo Salinas

gruposalinas.com

Grupo Salinas es un conjunto de empresas dinámicas, que se caracterizan por la evolución constante y la innovación, enfocadas en la creación de valor económico, social y ambiental. Estamos en industrias diversas como comercio especializado, servicios financieros, telecomunicaciones y medios de comunicación, entre otros sectores. Nuestra Visión: Crear valor y prosperidad para millones de familias con base en una visión de negocios incluyente. Nuestra Misión: Ser el grupo empresarial mexicano más influyente con el mejor equipo de trabajo y con un modelo de gestión de alto desempeño; que permita la innovación permanente e impulsar la libertad, el estado de derecho y la igualdad de oportunidades. Sabemos que entender al cliente y ofrecerle todo lo que necesita para mejorar su calidad de vida es la vía para crear valor. Las acciones y estrategias del Grupo están alineadas a los más altos estándares internacionales en beneficio de la sociedad. Nuestro propósito es ofrecer excelentes productos y servicios que mejoren la calidad de vida de la población, sobre todo en los sectores menos favorecido. Grupo Salinas está integrada por: • Más de 100,000 colaboradores. • Banco Azteca, Tiendas Elektra, Italika, TV Azteca, Totalplay, Grupo Dragón, UPAX, Tiendas Neto, entre otras. • Estamos cerca de nuestros clientes en más de 6,000 puntos de contacto. • Presencia en 5 países: México, Estados Unidos, Guatemala, Honduras y Panamá.

PT. Pegadaian

pegadaian.co.id

PT Pegadaian didirikan di kota Sukabumi, Jawa Barat pada 1 April 1901. Tak hanya bergerak di Industri Gadai, Pegadaian juga memiliki ragam produk dan layanan seperti investasi berbasis emas yang dapat dimiliki oleh masyarakat dengan cara yang mudah, diantaranya Tabungan Emas, Cicil Emas dan Arisan Emas. Sementara untuk produk pembiayaan, Pegadaian menyediakan produk pembiayaan Haji dan Umroh, Kredit Mikro, Kredit Kendaraan hingga KUR Syariah. Tergabung dalam Holding Ultra Mikro pada 2021, Pegadaian bersama BRI dan PNM berkomitmen dalam mendukung UMKM untuk naik kelas. Pegadaian juga merupakan lembaga pembiayaan sosial yang berkomitmen untuk memberdayakan masyarakat melalui layanan keuangan inklusif. Dengan berbagai inovasi layanan dan program sosial, Pegadaian terus berupaya menciptakan dampak positif bagi komunitas dan masyarakat secara luas. Pada Desember 2024, Pegadaian resmi menjadi pelopor usaha Bulion dengan mengantongi izin yang dikeluarkan oleh Otoritas Jasa Keuangan (OJK), melalui surat Persetujuan Penyelenggaraan Kegiatan Usaha Bulion PT Pegadaian. Melalui surat tersebut, Pegadaian dapat melakukan kegiatan usaha Layanan Bank Emas Pegadaian yang meliputi Deposito Emas, Pinjaman Modal Kerja Emas, Jasa Titipan Emas Korporasi maupun Perdagangan Emas. Produk dan layanan Pegadaian dapat diakses baik secara konvensional maupun digital melalui aplikasi Pegadaian Digital yang dapat di unduh melalui AppStore maupun PlayStore. Untuk informasi lebih lanjut kunjungi www.pegadaian.co.id

BB&T

bbt.com

We’d love to stay connected with you! Please follow our Truist company page and unfollow this page which is no longer active. BB&T and SunTrust formed Truist with a shared purpose—to inspire and build better lives and communities. With our combined resources, collective passion, and commitment to innovation, we’re creating a better financial experience to help people and businesses achieve more. With 275 years of combined BB&T and SunTrust history, Truist serves approximately 12 million households with leading market share in many high growth markets in the country. The company offers a wide range of services including retail, small business and commercial banking; asset management; capital markets; commercial real estate; corporate and institutional banking; insurance; mortgage; payments; specialized lending; and wealth management. Headquartered in Charlotte, North Carolina, Truist is the sixth-largest commercial bank in the U.S. Truist Bank, Member FDIC. Learn more at Truist.com and see social media terms and conditions at Truist.com/SocialTerms.

Loading…

NEWS

Hong Kong Exchanges and Clearing Limited (HKEX) CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

January 27, 2026 08:00 AM

Hong Kong White-Collar/Financial Crime investigations, developments, and predictions.

Hong Kong's regulators are active, coordinated, and increasingly expectations‑driven. Businesses should be prepared for assertive use of...

Read Article

January 23, 2026 08:00 AM

Wealth Management, IPO Pipelines To Support Hong Kong Banking In 2026 – KPMG

The report struck a generally positive tone, with a few reservations concerning the intersection of cyber threats and AI to banks.

Read Article

November 17, 2025 08:00 AM

World’s First Officially Regulated Stablecoin Exchange Launched by Three Major Exchanges

... Trading Regulation by the Government of the Hong Kong Special Administrative Region, Hong Kong Exchanges and Clearing Limited (HKEX),...

Read Article

November 05, 2025 08:00 AM

HKEX Has Another Record Quarter on Strong Trading, Listing Activity

HKEX also witnessed a surge in trading volumes during the quarter, with the headline average daily turnover more than doubling to a record...

Read Article

October 08, 2025 07:00 AM

DBS CEO Tan Su Shan is Fortune’s most powerful woman in Asia; Josephine Teo among most influential

Ms Tan is known for having brought a Bloomberg terminal into the hospital when she gave birth in 1999. Read more at straitstimes.com.

Read Article

August 04, 2025 07:00 AM

Hong Kong Exchanges & Clearing’s AI Strategy: Analysis of HKEX’s Dominance in Stock Exchanges AI

The report explores how Hong Kong Exchanges & Clearing's AI strategy will dominate in stock exchanges: equity, commodity, fixed income,...

Read Article

June 15, 2025 07:00 AM

Hong Kong bourse seeks to woo Southeast Asia, Middle East firms for second listings

The Hong Kong stock exchange plans to attract listed companies in Southeast Asia and the Middle East, in particular, for second listings in the financial hub.

Read Article

March 22, 2025 10:20 PM

5 things to know about the DiDi debacle

Chinese ride-hailing giant DiDi raised more than US$4 billion when it debuted on the New York Stock Exchange on 1 July. Three weeks later shares in DiDi...

Read Article

February 27, 2025 08:00 AM

Hong Kong stock exchange posts record profits after China stimulus

Hong Kong Exchanges and Clearing reported full-year profits of HK$13.1bn (US$1.7bn) on Thursday, topping the previous record of HK$12.5bn set in 2021.

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-53430

SUMMARY

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.ex and program routines 'Elixir.GRPC.Compressor.Gzip':decompress/1, 'Elixir.GRPC.Message':from_data/2. 'Elixir.GRPC.Compressor.Gzip':decompress/1 calls :zlib.gunzip/1 directly on attacker-controlled bytes with no decompressed-size limit, ratio check, or incremental decoding. Because this module is the registered gzip GRPC.Compressor implementation, it is invoked automatically whenever an incoming gRPC frame carries the grpc-encoding: gzip header. :zlib.gunzip/1 allocates the entire decompressed result as a single binary, so a small highly compressible payload (for example a few kilobytes of zeros, which gzip compresses at roughly 1000:1) expands to multiple gigabytes inside a single call. The max_receive_message_length limit is enforced only against the already-decompressed message, so it provides no protection. An unauthenticated remote peer can send a single crafted frame to exhaust the BEAM node's heap and trigger an out-of-memory kill. This issue affects grpc: from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48854

SUMMARY

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':read_full_body/3 (lib/grpc/server/adapters/cowboy/handler.ex) accumulates every received chunk into a single growing binary with no size cap. Additionally, when the client omits the grpc-timeout header, the per-chunk read timeout resolves to :infinity, allowing a slow-trickle client to keep the connection alive indefinitely while memory grows. A single connection is sufficient to exhaust server memory and crash the node. This issue affects grpc from 0.3.1 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48853

SUMMARY

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code execution on the server. 'Elixir.GRPC.Codec.Erlpack':decode/2 (lib/grpc/codec/erlpack.ex) calls :erlang.binary_to_term/1 on the raw gRPC message body without the :safe option, no size bound, and no type guard. Any unauthenticated peer that sends a request with Content-Type: application/grpc+erlpack can send a crafted payload that mints arbitrary new atoms (which are never garbage-collected, exhausting the bounded atom table and crashing the VM) or that encodes a fun term which, if applied anywhere downstream, executes attacker-controlled code inside the server process. This issue affects grpc from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 9.2

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48723

SUMMARY

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile() function constructs a shell command by interpolating the user-controlled cypress_config_filepath value into a template literal, then executes it via child_process.execSync(). Shell metacharacters in the config path (specifically " and ;) allow breaking out of the quoted argument and injecting arbitrary commands. This issue has been fixed in version 1.36.6.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: 7.8)

cvss3

Base Score: 7.8

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score

5.9

Exploitability

1.8

REFERENCES

CVE-2026-48599

SUMMARY

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In 'Elixir.GRPC.Server.Transcode':map_request/5 (lib/grpc/server/transcode.ex), all three clauses use Map.merge/2 with path bindings as the first argument, giving them the lowest merge precedence. A request such as GET /users/me/profile?user_id=victim (or a POST with {"user_id": "victim"} when body: "*") yields a decoded protobuf struct where the path-bound field carries the attacker-supplied value rather than the router-extracted value. Any handler that uses the path-bound field for authorization, multi-tenancy scoping, or ownership checks is silently bypassed. This issue affects grpc from 0.8.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 7.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…