What is the official website of MENARINI Group ?

The official website of MENARINI Group is https://www.menarini.com.

What is MENARINI Group's cybersecurity risk score?

MENARINI Group has an AI-generated cybersecurity risk score of 784 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has MENARINI Group experienced?

According to Rankiteo, MENARINI Group currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has MENARINI Group been affected by any supply chain cyber incidents ?

According to Rankiteo, MENARINI Group has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does MENARINI Group have SOC 2 Type 1 certification ?

According to Rankiteo, MENARINI Group is not certified under SOC 2 Type 1.

Does MENARINI Group have SOC 2 Type 2 certification ?

According to Rankiteo, MENARINI Group does not hold a SOC 2 Type 2 certification.

Does MENARINI Group comply with GDPR ?

According to Rankiteo, MENARINI Group is not listed as GDPR compliant.

Does MENARINI Group have PCI DSS certification ?

According to Rankiteo, MENARINI Group does not currently maintain PCI DSS compliance.

Does MENARINI Group comply with HIPAA ?

According to Rankiteo, MENARINI Group is not compliant with HIPAA regulations.

Does MENARINI Group have ISO 27001 certification ?

According to Rankiteo,MENARINI Group is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does MENARINI Group operate in ?

MENARINI Group operates primarily in the Pharmaceutical Manufacturing industry.

How many employees does MENARINI Group have ?

MENARINI Group employs approximately 12,720 people worldwide.

Does MENARINI Group own any subsidiaries ?

MENARINI Group presently has no subsidiaries across any sectors.

How many LinkedIn followers does MENARINI Group have ?

MENARINI Group's official LinkedIn profile has approximately 423,250 followers.

What is the NAICS classification code for MENARINI Group ?

MENARINI Group is classified under the NAICS code 3254, which corresponds to Pharmaceutical and Medicine Manufacturing.

Does MENARINI Group have a Crunchbase profile ?

No, MENARINI Group does not have a profile on Crunchbase.

Does MENARINI Group have a LinkedIn profile ?

Yes, MENARINI Group maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/menarini.

How many cybersecurity incidents has MENARINI Group experienced ?

As of June 16, 2026, Rankiteo reports that MENARINI Group has not experienced any cybersecurity incidents.

How many peer or competitor companies does MENARINI Group have ?

MENARINI Group has an estimated 5,692 peer or competitor companies worldwide.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

MENARINI Group

Boost Score +25 with badge (5 left)

784

/1000

Fair

809

/1000

Good

MENARINI Group Vendor Cyber Rating & Cyber Score

menarini.com

Add Your Compliance Badge

The Menarini Group is a leading international pharmaceutical and diagnostics company, present in 140 countries worldwide, with a turnover of 4,37 Billion euro and more than 17,000 employees. With 9 centers for Research & Development, Menarini’s products are present in the most important therapeutic areas, including cardiology, oncology, gastroenterology, pneumology, infectious diseases, diabetes, and anti-inflammatory/analgesics. The Group’s pharmaceutical production is carried out in its 18 manufacturing plants, which produce over 609 million packets of product a year and distribute them to five continents. Menarini’s pharmaceutical production, in line with the highest quality standards, provides an ongoing contribution to the health

MENARINI Group A.I CyberSecurity Scoring

Scoring History

MENARINI Group

MENARINI Group CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

No data available

Loading…

A.I.

MENARINI Group Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for MENARINI Group

Incidents vs Pharmaceutical Manufacturing Industry Avg (This Year)

No incidents recorded for MENARINI Group in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for MENARINI Group in 2026.

Incident Types MENARINI Group vs Pharmaceutical Manufacturing Industry Avg (This Year)

No incidents recorded for MENARINI Group in 2026.

Incident History - MENARINI Group (X = Date, Y = Severity)

Loading…

SUBSIDIARY

MENARINI Group Subsidiaries

Parent Company

MENARINI Group

Pharmaceutical Manufacturing

Website: https://www.menarini.com

Company Size: 10,001+ employees

No subsidiary data available for this company.

Loading…

MENARINI Group Similar Companies

EMS

cb ems.com.br

Fundada há mais de 60 anos e com capital 100% nacional, a EMS é a líder do mercado farmacêutico brasileiro há 19 anos consecutivos, pertencente ao Grupo NC, um dos maiores conglomerados brasileiros. A empresa ocupa também a liderança no segmento de genéricos desde 2013 (IQVIA 2019) e está entre os maiores laboratórios em preferência prescritiva no Brasil. Tem forte presença em PDVs de todo o país e atuação nas áreas de Prescrição Médica, Genéricos, Marcas, OTC e Hospitalar, fabricando medicamentos para praticamente todas as especialidades da Medicina. Possui fábricas em Hortolândia (SP), Manaus (AM), Brasília (DF) e Jaguariúna (SP). A EMS apoia ações de responsabilidade social dentro e fora do Brasil. Em 2017, por exemplo, o laboratório fechou parceria com a Organização Mundial da Saúde (OMS) para doar 100% do medicamento para erradicar, nos próximos anos, em todo o planeta, a bouba, doença negligenciada. A EMS é a única farmacêutica no mundo a ter abraçado essa causa. O Centro de Pesquisa & Desenvolvimento da EMS no Brasil é o mais moderno da América Latina. Na Itália, a EMS tem o laboratório de pesquisas MonteResearch. O foco de atuação do laboratório é a inovação nas seguintes frentes: inovação incremental; genéricos de alta complexidade; medicamentos biotecnológicos, por meio da empresa Bionovis; e inovação disruptiva, por meio da Brace Pharma, empresa da EMS instalada em 2013 nos Estados Unidos. Ainda, nos EUA, por meio de sua controlada Vero Biotech, localizada em Atlanta, Geórgia, a EMS, recentemente, obteve a aprovação de seu primeiro produto revolucionário submetido à FDA (Food and Drug Administration), posicionando o laboratório como uma empresa de inovação no mercado global. Com aportes frequentes em infraestrutura fabril e em pesquisa de ponta para desenvolver produtos inovadores, eficazes e seguros, a EMS, que já exporta para mais de 40 países, está preparada para continuar cuidando das pessoas que querem viver cada vez mais e melhor.

SUN PHARMA

sunpharma.com

Sun Pharma is the world's fourth-largest speciality generic pharmaceutical company and No. 1 in India. We provide high-quality, affordable medicines trusted by customers and patients in over 100 countries. Sun Pharma's global presence is supported by more than 40 manufacturing facilities spread across 5 continents, R&D centres across the globe, and a multicultural workforce comprising over 50 nationalities. Sun Pharma fosters excellence through innovation supported by strong R&D capabilities comprising around 3,000 scientists and R&D investments of over 6-8% of annual revenues. At Sun, our people are our greatest asset. Ours has never been a story of individual brilliance but of cultivating a culture of realising collective potential. In our journey, everyone is enabled to take charge in an environment that offers limitless growth opportunities. We are with you every step of the way, so you can shine for years to come. With the launch of our Employee Value Proposition (EVP), we define our promise to ‘Create Your Own Sunshine'—driven by the three pillars of Better Every Day, Take Charge, and Thrive Together. These pillars drive progress at Sun so that people can achieve what they would have thought impossible. Learn more about our EVP here: https://sunpharma.com/careers/

Astellas Pharma

astellas.com

Astellas is a global life sciences company committed to turning innovative science into VALUE for patients. We provide transformative therapies in disease areas that include oncology, ophthalmology, urology, immunology and women's health. Through our research and development programs, we are pioneering new healthcare solutions for diseases with high unmet medical need. Visit our Global Astellas LinkedIn Community Guidelines to learn more about interacting with this page: https://www.astellas.com/en/global-linkedin-community-guidelines

Zoetis

zoetis.com

The world’s leading animal health company. We’ve been innovating ways to predict, prevent, detect, and treat animal illness for over 70 years, and we continue to stand by those raising and caring for animals worldwide – from veterinarians and pet owners to livestock farmers. Our leading portfolio and pipeline makes a difference in over 100 countries. Community Guidelines: This page is intended to share how Zoetis is advancing care for animals. We aspire to create a supportive community, but there are guidelines to which posts and comments on this page must adhere. If your post references a side effect related to any Zoetis product, we may contact you for more information. To monitor the safety of Zoetis products, we advise you to call our Veterinary Medical Information and Product Support Team at 1-888-963-8471; Support Team is available Mon-Fri 9am to 6:30pm ET. We reserve the right to remove any post/comment that violates LinkedIn Guidelines. As a last resort, we reserve the right to block users that demonstrate a repeated pattern of violating LinkedIn’s spirit of constructive, professional discourse. We respectfully request that you refrain from posting comments including: Unsolicited and/or unverified medical advice Vulgarity and/or profanity Discriminatory and/or derogatory comments, hate speech Politics and religion Personal attacks and/or threats Promotion of illegal activity Copyright/trademark infringements Topics that may be considered spam/advertising Our regular business hours are Mon-Fri 9am to 5pm ET. Zoetis does not endorse and is not responsible for information and opinions shared by community members. The information shared is provided for educational purposes only and is not intended to replace discussions with an animal healthcare professional. Testimonials represent individual experience only and the experiences and opinions of community members may be unique to the speaker. Terms of Use: https://www.zoetis.com/terms-of-use

Viatris

viatris.com

Viatris Inc. (NASDAQ: VTRS) is a global healthcare company uniquely positioned to bridge the traditional divide between generics and brands, combining the best of both to more holistically address healthcare needs globally. With a mission to empower people worldwide to live healthier at every stage of life, we provide access at scale. In 2022 alone, we supplied high-quality medicines to approximately 1 billion patients around the world. With our exceptionally extensive and diverse portfolio of medicines, a one-of-a-kind global supply chain designed to reach more people when and where they need them, and the scientific expertise to address some of the world’s most enduring health challenges, access takes on deep meaning at Viatris. We have the ability to touch all of life’s moments, from birth to end of life, acute conditions to chronic diseases. We are headquartered in the U.S., with global centers in Pittsburgh, Shanghai and Hyderabad, India Social Media Guidelines: https://newsroom.viatris.com/social-media-community-guidelines Investors: https://investor.viatris.com Corporate Social Responsibility: https://www.viatris.com/sustainability Connect with Viatris Instagram: https://www.instagram.com/viatrisinc X: https://www.x.com/viatrisinc Viatris and our recruiting firms will not ask for sensitive personal information, such as your social security number, date of birth or bank account details via text, email or social media. Additionally, Viatris representatives do not request payment or personal bank information nor send payment to purchase hardware on your own. Viatris.com is the primary source of all company job postings and authorized third-party career websites.

Sanofi

sanofi.com

We are an R&D driven, AI-powered biopharma company committed to improving people’s lives and delivering compelling growth. We apply our deep understanding of the immune system to invent medicines and vaccines that treat and protect millions of people around the world, with an innovative pipeline that could benefit millions more. Our team is guided by one purpose: we chase the miracles of science to improve people’s lives; this inspires us to drive progress and deliver positive impact for our people and the communities we serve, by addressing the most urgent healthcare, environmental, and societal challenges of our time. Interactions with this account must comply with the Terms: https://bit.ly/sanofi-terms

Cipla

cipla.com

Cipla is a leading global pharmaceutical company trusted by healthcare professionals and patients across the world since 1935. A compassionate approach to healthcare that goes beyond the pursuit of profit and growth has been the force impelling Cipla’s history over the years. Our credo and our purpose of ‘Caring for Life' continues to guide our actions towards our people and the planet for creating a sustainable future. Cipla today has presence in 80+ countries, providing over 1,500 products across various therapeutic categories in 50+ dosage forms. Keeping with our legacy of care, we constantly strive to ensure access to high-quality medicines that make a difference in the lives of patients. Our paradigm-changing offer of a triple anti-retroviral (ARV) therapy in HIV/AIDS at less than a dollar a day in Africa in 2001 was pivotal in bringing inclusiveness, accessibility and affordability to the centre of the HIV movement. An unmatched presence across the care continuum (awareness, prevention, diagnosis, treatment and adherence) and the widest range of drug-device combinations has established Cipla’s respiratory leadership in India and other key emerging markets. Armed with this legacy and a deep understanding of the lungs, we have articulated our aspiration to become a global lung leader and help millions breathe free.

MANKIND PHARMA LTD

mankindpharma.com

Mankind Pharma, one of the top 5 leading pharmaceutical companies in India, started its journey in 1995. Today, we have an employee base of over 20,000 and are racing towards $1 Billion. At Mankind, we aspire to aid the community in leading a healthy life by formulating, developing, commercializing, and delivering affordable and accessible medicines that satisfy urgent medical needs. We take great pride in the success of our products ranging from Pharma, OTC and FMCG brands like Manforce Condoms, Manforce Tablets, Manforce Staylong Gel, Unwanted 72, Prega News, Gas-O-Fast, Kaloree 1, Kabzend, Acne Star Gel and many others. Our operations are in 34 overseas destinations across Asia, Africa, South-East Asia, Gulf countries and CIS countries. Our Vision - To be a global pharmaceutical company, most admired for its Affordability, Quality and Accessibility of products. Our Mission - To be able to provide cost-effective, innovation based superior quality pharmaceutical products across the globe, to improve the lives of the patients. Mankind strongly believes and follows its Core Values: 𝐂𝐮𝐬𝐭𝐨𝐦𝐞𝐫 𝐂𝐞𝐧𝐭𝐫𝐢𝐜𝐢𝐭𝐲: Commitment to Customer - Internal and External 𝐐𝐮𝐚𝐥𝐢𝐭𝐲: It is in our DNA to maintain and deliver highest quality standards and products 𝐈𝐧𝐧𝐨𝐯𝐚𝐭𝐢𝐨𝐧: Intensely Research driven organization aiming at product innovation and technology improvements 𝐈𝐧𝐭𝐞𝐠𝐫𝐢𝐭𝐲: Always trustworthy, widely respected to be honest, and believed by everyone 𝐆𝐨 𝐁𝐞𝐲𝐨𝐧𝐝: Aim higher than capabilities 𝐏𝐞𝐨𝐩𝐥𝐞 𝐃𝐞𝐯𝐞𝐥𝐨𝐩𝐦𝐞𝐧𝐭 𝐚𝐧𝐝 𝐂𝐨𝐥𝐥𝐚𝐛𝐨𝐫𝐚𝐭𝐢𝐨𝐧: Together we are foreseeing future and diligently stimulating our people in attaining goals

Torrent Pharmaceuticals Ltd

cb torrentpharma.com

Torrent Pharma, with annual revenues of more than Rs 10,700 crores, is the flagship Company of the Torrent Group, with group revenues of Rs 41,000 crores. It is ranked 5th in the Indian Pharma Market and is among the Top 5 in the therapeutic segments of Cardiovascular (CV), Central Nervous System (CNS), Gastro-intestinal (GI), Vitamins Minerals Nutritionals (VMN) and Cosmo-Dermatology. The Company also has significant presence in diabetology, pain management, gynaecology, oncology and anti-infective segments. Torrent has 8 manufacturing facilities , of which 5 are USFDA approved. With R&D as the backbone for its growth in domestic & overseas market, it has invested significantly in R&D capabilities with state-of-the-art R&D infrastructure employing around 800 scientists. The acquisition of Elder Pharma's Indian branded business in 2013, Dermaceuticals business of Zyg Pharma in 2015, API plant of Glochem Industries in 2016, Women healthcare brands from Novartis and Unichem's Indian branded business along with its Sikkim Plant in 2017 strengthened Torrent Pharma's position in the Indian Pharma market. Torrent Pharma started international acquisitions in 2005 with entry into the German market. Today, the Company has presence in more than 50 countries and is ranked No. 1 among the Indian pharma Companies in Brazil and Germany. Torrent Pharma is committed towards “not just healthcare but lifecare.”

Loading…

NEWS

MENARINI Group CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

March 09, 2026 07:00 AM

Medidata Expands Partnership with The Menarini Group, Deploying Medidata’s Study Build AI Technology to Accelerate Global Oncology Pipeline

Fourteen-year collaboration enters a new phase as Menarini evolves its use of the Medidata Platform, combining established clinical...

Read Article

March 09, 2026 07:00 AM

Menarini nears €4.9 billion in 2025 and focuses on talent and AI as ‘giant’ players enter pharma

FLORENCE, Italy, March 09, 2026 (GLOBE NEWSWIRE) -- 2025 was a 'positive year” for Menarini, which is celebrating its 140th anniversary this...

Read Article

February 03, 2026 08:00 AM

Insilico Medicine Receives USD 5million Milestone Payment from Menarini Group Following First-in-Human (FIH) Achievement for MEN2501

Insilico Medicine ("Insilico"), a clinical-stage, generative artificial intelligence (AI)-driven biotechnology company, today announced that...

Read Article

January 13, 2025 08:00 AM

Firm Advises Insilico on Patent Matters Related to Exclusive Global License Agreement with Menarini Group

On January 10, 2025, leading international pharmaceutical and diagnostics company the Menarini Group and Stemline Therapeutics, Inc.,...

Read Article

January 13, 2025 08:00 AM

Menarini, Insilico Medicine deepen AI partnership with potential $550M deal

Drug discovery startup Insilico Medicine and Italian pharmaceutical company Menarini Group announced their second licensing agreement.

Read Article

May 05, 2020 07:00 AM

Menarini Group to buy Stemline Therapeutics in deal valued at $677m

Italian pharmaceutical and diagnostics company Menarini Group has signed a definitive agreement to acquire US-based Stemline Therapeutics...

Read Article

July 24, 2014 07:00 AM

Menarini Group Heirs Set To Inherit $10.4B, But The Tax Man Is After Them

Massimiliana Landini Aleotti and her three children, currently running Menarini, Italy's leading pharma company, are set to inherit an estimated fortune of $10...

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-53430

SUMMARY

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.ex and program routines 'Elixir.GRPC.Compressor.Gzip':decompress/1, 'Elixir.GRPC.Message':from_data/2. 'Elixir.GRPC.Compressor.Gzip':decompress/1 calls :zlib.gunzip/1 directly on attacker-controlled bytes with no decompressed-size limit, ratio check, or incremental decoding. Because this module is the registered gzip GRPC.Compressor implementation, it is invoked automatically whenever an incoming gRPC frame carries the grpc-encoding: gzip header. :zlib.gunzip/1 allocates the entire decompressed result as a single binary, so a small highly compressible payload (for example a few kilobytes of zeros, which gzip compresses at roughly 1000:1) expands to multiple gigabytes inside a single call. The max_receive_message_length limit is enforced only against the already-decompressed message, so it provides no protection. An unauthenticated remote peer can send a single crafted frame to exhaust the BEAM node's heap and trigger an out-of-memory kill. This issue affects grpc: from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48854

SUMMARY

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':read_full_body/3 (lib/grpc/server/adapters/cowboy/handler.ex) accumulates every received chunk into a single growing binary with no size cap. Additionally, when the client omits the grpc-timeout header, the per-chunk read timeout resolves to :infinity, allowing a slow-trickle client to keep the connection alive indefinitely while memory grows. A single connection is sufficient to exhaust server memory and crash the node. This issue affects grpc from 0.3.1 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48853

SUMMARY

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code execution on the server. 'Elixir.GRPC.Codec.Erlpack':decode/2 (lib/grpc/codec/erlpack.ex) calls :erlang.binary_to_term/1 on the raw gRPC message body without the :safe option, no size bound, and no type guard. Any unauthenticated peer that sends a request with Content-Type: application/grpc+erlpack can send a crafted payload that mints arbitrary new atoms (which are never garbage-collected, exhausting the bounded atom table and crashing the VM) or that encodes a fun term which, if applied anywhere downstream, executes attacker-controlled code inside the server process. This issue affects grpc from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 9.2

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48723

SUMMARY

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile() function constructs a shell command by interpolating the user-controlled cypress_config_filepath value into a template literal, then executes it via child_process.execSync(). Shell metacharacters in the config path (specifically " and ;) allow breaking out of the quoted argument and injecting arbitrary commands. This issue has been fixed in version 1.36.6.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: 7.8)

cvss3

Base Score: 7.8

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score

5.9

Exploitability

1.8

REFERENCES

CVE-2026-48599

SUMMARY

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In 'Elixir.GRPC.Server.Transcode':map_request/5 (lib/grpc/server/transcode.ex), all three clauses use Map.merge/2 with path bindings as the first argument, giving them the lowest merge precedence. A request such as GET /users/me/profile?user_id=victim (or a POST with {"user_id": "victim"} when body: "*") yields a decoded protobuf struct where the path-bound field carries the attacker-supplied value rather than the router-extracted value. Any handler that uses the path-bound field for authorization, multi-tenancy scoping, or ownership checks is silently bypassed. This issue affects grpc from 0.8.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 7.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…