What is the official website of Oliver Peoples ?

The official website of Oliver Peoples is http://www.oliverpeoples.com.

What is Oliver Peoples's cybersecurity risk score?

Oliver Peoples has an AI-generated cybersecurity risk score of 763 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has Oliver Peoples experienced?

According to Rankiteo, Oliver Peoples currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Oliver Peoples been affected by any supply chain cyber incidents ?

According to Rankiteo, Oliver Peoples has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Oliver Peoples have SOC 2 Type 1 certification ?

According to Rankiteo, Oliver Peoples is not certified under SOC 2 Type 1.

Does Oliver Peoples have SOC 2 Type 2 certification ?

According to Rankiteo, Oliver Peoples does not hold a SOC 2 Type 2 certification.

Does Oliver Peoples comply with GDPR ?

According to Rankiteo, Oliver Peoples is not listed as GDPR compliant.

Does Oliver Peoples have PCI DSS certification ?

According to Rankiteo, Oliver Peoples does not currently maintain PCI DSS compliance.

Does Oliver Peoples comply with HIPAA ?

According to Rankiteo, Oliver Peoples is not compliant with HIPAA regulations.

Does Oliver Peoples have ISO 27001 certification ?

According to Rankiteo,Oliver Peoples is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does Oliver Peoples operate in ?

Oliver Peoples operates primarily in the Retail Apparel and Fashion industry.

How many employees does Oliver Peoples have ?

Oliver Peoples employs approximately 158 people worldwide.

Does Oliver Peoples own any subsidiaries ?

Oliver Peoples presently has no subsidiaries across any sectors.

How many LinkedIn followers does Oliver Peoples have ?

Oliver Peoples's official LinkedIn profile has approximately 19,075 followers.

What is the NAICS classification code for Oliver Peoples ?

Oliver Peoples is classified under the NAICS code 448, which corresponds to Clothing and Clothing Accessories Stores.

Does Oliver Peoples have a Crunchbase profile ?

No, Oliver Peoples does not have a profile on Crunchbase.

Does Oliver Peoples have a LinkedIn profile ?

Yes, Oliver Peoples maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/oliver-peoples.

How many cybersecurity incidents has Oliver Peoples experienced ?

As of June 16, 2026, Rankiteo reports that Oliver Peoples has experienced 6 cybersecurity incidents.

How many peer or competitor companies does Oliver Peoples have ?

Oliver Peoples has an estimated 5,043 peer or competitor companies worldwide.

What types of cybersecurity incidents has Oliver Peoples faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Ransomware, Breach and Cyber Attack.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

Oliver Peoples

Boost Score +25 with badge (5 left)

763

/1000

Fair

788

/1000

Fair

Oliver Peoples Vendor Cyber Rating & Cyber Score

oliverpeoples.com

Add Your Compliance Badge

A heritage brand born in the heart of West Hollywood, Oliver Peoples strives to be the most prestigious and culturally distinctive eyewear company in the world. Oliver Peoples' passion for superior product and service are core values and have remained at the heart of the brand and endure today. Through an authentic and consistent voice, Oliver Peoples has never relied on a logo but instead on fostering relationships with like-minded consumers.

Oliver Peoples A.I CyberSecurity Scoring

Scoring History

Oliver Peoples

Oliver Peoples CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

Oliver Peoples

Breach

100

05/2023

LUX52424923

Oliver Peoples

Ransomware

10/2020

LUX202211222

Oliver Peoples

Cyber Attack

8/2020

ESS023091825

Oliver Peoples

Breach

6/2020

EYE480244810072...

Oliver Peoples

Breach

5/2020

FGX254071625

Oliver Peoples

Cyber Attack

9/2018

EYE249072825

Loading…

A.I.

Oliver Peoples Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for Oliver Peoples

Incidents vs Retail Apparel and Fashion Industry Avg (This Year)

No incidents recorded for Oliver Peoples in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Oliver Peoples in 2026.

Incident Types Oliver Peoples vs Retail Apparel and Fashion Industry Avg (This Year)

No incidents recorded for Oliver Peoples in 2026.

Incident History - Oliver Peoples (X = Date, Y = Severity)

Loading…

SUBSIDIARY

Oliver Peoples Subsidiaries

Oliver Peoples

Retail Apparel and Fashion

Website: http://www.oliverpeoples.com

Company Size: 158

EssilorLuxotticaManufacturing

Barberini®️Manufacturing

LuxotticaLuxury Goods & Jewelry

OPSMRetail

Essilor GroupMedical Equipment Manufacturing

Essilor Pro-EyecareMedical Equipment Manufacturing

OakleyRetail Apparel and Fashion

Transitions OpticalMedical Device

LensCraftersRetail Apparel and Fashion

OneSight EssilorLuxottica Foundation EUROPENon-profit Organizations

Laubman & Pank OptometristsRetail

Ray-BanRetail Apparel and Fashion

Pearle VisionRetail

Opticas GMORetail

Essilor Vision Foundation - USAHospitals and Health Care

Vision Impact InstituteResearch Services

Target OpticalRetail

EyebuydirectRetail Apparel and Fashion

All About VisionOnline Audio and Video Media

EyeMed Vision CareInsurance

FGX InternationalManufacturing

OneSight EssilorLuxottica FoundationHospitals and Health Care

Nikon-EssilorWholesale

Salmoiraghi & ViganòRetail

Nuance AudioRetail Health and Personal Care Products

PersolRetail Apparel and Fashion

Vision ExpressRetail

Sunglass HutRetail Apparel and Fashion

GrandVision ItalyRetail

GRANDVISION FRANCERetail

Atasun OptikRetail

Atasun AkademiHuman Resources Services

OptissimO & Corner Optique - GrandVision ItalyRetail

GrandVision PortugalRetail

MultiópticasRetail

GlassesUSA.comRetail

GrandVision by FototicaRetail

+VisiónRetail

Avanzi Holding - Grand Vision BVRetail

VisilabRetail

Visilab AtWorkRetail

Smarteyes SverigeRetail

Vision DirectRetail

Glasses DirectRetail

For EyesRetail

LAFAMRetail

eÓticaTechnology, Information and Internet

Glasses.comRetail

SolarisRetail

BrillelandRetail

Careers BrillelandRetail

Smarteyes DanmarkRetail

Lensway GroupRetail

GrandVision UYRetail

Interoptik ASRetail

Careers InteroptikRetail

Kochoptik AGRetail

Zonnebrillen.comRetail

Más Visión MéxicoWholesale

Transitions Optical UKManufacturing

Spectacle HutRetail Apparel and Fashion

InstrumentariumMedical Equipment Manufacturing

Mat Viet GroupRetail

Synoptik SwedenRetail

GrandOptical GreeceRetail

LensmasterRetail

GrandVision ChinaRetail

e-lensRetail

Leonardo EssilorLuxotticaE-Learning Providers

SightProtect by EssilorLuxotticaMedical Equipment Manufacturing

Transitions lensesMedical Equipment Manufacturing

Loading…

Oliver Peoples Similar Companies

Coach

coach.com

Coach was founded in 1941 as a family-run workshop. In a Manhattan loft, six artisans handcrafted a collection of leather goods using skills handed down from generation to generation. Discerning consumers soon began to seek out the quality and unique nature of Coach craftsmanship. Now greatly expanded, Coach is a modern American luxury brand with a rich heritage of craftsmanship and New York style. We continue to maintain the highest standards for materials and workmanship. Coach's exceptional workforce remains committed to carefully upholding the principles of quality and integrity that define the company. We attribute the prominence of the Coach brand to the unique combination of our original American attitude and design, our heritage of fine leather goods and custom fabrics, our superior product quality and durability, and our commitment to customer service.

Under Armour

underarmour.com

Under Armour is obsessed with being better, stronger, and more focused than anyone else out there. Our mission: to make athletes better. Our vision: to inspire you with performance solutions you never knew you needed and can’t imagine living without. Our values define and unite us, the beliefs that are the red thread that connect everyone at Under Armour. Our values are rallying cries, reminding us why we’re here, and fueling everything we do. LOVE ATHLETES We believe in waking up every morning to make athletes legendary. From the best of the best to the ones just getting started, we put the athlete at the center of everything we do. We create fearlessly with the courage and conviction to defy convention. We innovate by taking bold and smart risks. We show up big where athletes train, compete, and recover. CELEBRATE THE WINS We believe our victories, big and small, bring us together as a team. We celebrate our accomplishments, giving credit where it's due. We take time to have fun. We channel past successes to inspire our next win. STAND FOR EQUALITY We believe sport is the great unifier. We don't sit on the sidelines; we speak up for fairness and equity. We treat each other with respect. We apply different perspectives in our work. We come together as a force for good to serve the communities we represent. ACT SUSTAINABLY We believe our work is not just what we do but how we do it. We work ethically and efficiently to perfect performance while reusing the Earth's resources. We seek new information to develop lasting solutions. We protect our planet for all who now play, and all who will play, on our home field. FIGHT ON TOGETHER We believe strength is built through tackling adversity. We act with an enterprise mindset in the best interest of the Brand. We help each other overcome obstacles. We act with integrity, have honest conversations and grow over mistakes. We approach challenges with positive intent and never quit.

C&A

c-and-a.com

Ever since our founding by the brothers Clemens and August in 1841, C&A has been at the forefront of fashion. From making 'ready-to-wear' a thing when custom-made was the norm, to popularising miniskirts in the 60s, introducing the Com-bi-kini in the 70s, Bio Cotton in early 2000 and the first Cradle-to-Cradle Gold certified garment (www.c-a.com/c2c) in 2017 - we have always evolved with the times, making stylish and quality clothes possible for everyone. And while C&A and the world around us has changed over the decades, one thing has remained the same: our dedication to offering sustainable and quality fashion for the entire family. Each day we welcome millions of visitors in about 1300 stores across 17 European countries. C&A is one of the most enduring and pioneering retailer brands in global apparel. That is because, for us the future is not tomorrow, or next quarter. We think in generations. This also means that we aspire for a future fashion industry that is more innovative and sustainable; one that has moved towards a circular future, and promotes a cycle of use, reuse and rebirth of clothing. That future will be possible because of our remarkable colleagues. From customer friendly Sales Associates to stylish Designers and expert Merchandise Planners – we all share a common passion and respect for our customers, our planet and each other. Do you see yourself as part of this strong team? Then visit us on https://www.c-and-a.com/eu/en/corporate/company/careers/start to browse our job opportunities - and join the company! Imprint: https://www.c-and-a.com/de/de/corporate/impressum/

MANGO

mango.com

Mango, one of the leading international fashion groups, is a global company with design and creativity at the heart of its business model and a strategy based on constant innovation, the pursuit of sustainability and a complete ecosystem of channels and partners. With its roots in Barcelona, one of the cradles of the textile industry, since it was founded in 1984, Mango has spent four decades looking to the future and inspiring the world with its passion for fashion and lifestyle. With the customer always its priority, the company bases its model on a unique fashion proposal focused on translating key fashion trends into its own language. At the Campus Mango, located at the company headquarters (Palau-solità i Plegamans, Barcelona), the company works on all areas related to creativity and every year creates over 18,000 garments and accessories. Present in more than 120 markets and with a network of 2,900 points of sales, Mango adapts to each country with a complete ecosystem of channels and international partners. The company closed 2024 with a turnover of 3.3 billion euros, with 32% of turnover coming from its online channel and with a workforce of more than 16,400 employees in all five continents. More information at www.mangofashiongroup.com

Tailored Brands, Inc.

cb tailoredbrands.com

Our Purpose: We help people love the way they look and feel for their most important moments. Our Values: • Customer-First - We put customers at the center of every decision • Win Together - We rally together to achieve common goals • Better Every Day - We strive for excellence and continuous improvement • Everyone Is Welcome - We value differences and know they make us better • Act With Integrity - We show up with courage to always do the right thing

C&A Brasil

cea.com.br

A C&A foi fundada em 1841 pelos irmãos holandeses Clemens e August. Suas iniciais deram origem ao nome da marca. Somamos mais de 1,8 mil unidades em 24 países da Europa, América Latina e Ásia e estamos entre as maiores redes de varejo do mundo. No Brasil, tudo começou em 1976, com a inauguração da nossa primeira loja no Shopping Ibirapuera, em São Paulo. Claro que, desde lá, muita coisa mudou. Mas nossa filosofia de trabalho continua a mesma – oferecer o melhor da moda por preços acessíveis! Hoje já temos mais de 330 lojas em 150 cidades e mais de 15 mil profissionais empregados. Muita gente, não é!? E sabe qual é o segredo do nosso sucesso? Além da busca constante por inovação, há também nosso esforço para superar as expectativas das pessoas e deixar um legado positivo. Desde outubro de 2019 somos uma empresa listada na Bolsa brasileira (B3), com destaque no varejo brasileiro em aspectos que englobam desde a sustentabilidade na rede de fornecimento até a jornada omnicanal oferecida a nossa cliente. Missão e valores Somos uma empresa inovadora, divertida e, acima de tudo, apaixonada pelas pessoas. Ao longo de mais de 180 anos de história, atuamos com ética e foco para que você e todos os nossas clientes estejam sempre satisfeitos. A responsabilidade social e a transparência acompanham a a marca desde o início e são compartilhadas com quem nos relacionamos - funcionários, fornecedores, clientes, investidores e a comunidade. Publicamos anualmente o Relatório de Sustentabilidade, reforçando o compromisso com a transparência em todas as áreas de atuação da empresa e construindo uma moda com impacto positivo. Informamos que tópicos de publicidade, spam ou que não estiverem de acordo com a proposta desta página serão removidos.

Aditya Birla Fashion and Retail Ltd.

abfrl.com

Aditya Birla Fashion and Retail Limited (ABFRL), part of the Aditya Birla Group, is India’s leading fashion powerhouse, offering a distinguished portfolio of renowned brands and retail formats, catering to multiple high-growth segments. As of March 31, 2025, the Company has presence across 1,167 stores spanning 7.3 Mn sq.ft. retail space. ABFRL’s portfolio includes Pantaloons, one of India’s most loved fashion destinations, and OWND!, a growing value retail format. The Company also operates The Collective, who commands a dominant position as one of the country’s most influential multi-brand luxury retailers, with exclusive long-term tie-ups with global fashion brands including Ralph Lauren, Hackett London, Ted Baker and Fred Perry. ABFRL has also partnered with Paris based Galeries Lafayette to introduce a high-end luxury destination in India. ABFRL is a market leader in branded ethnic wear, its portfolio includes Jaypore, Tasva and TCNS brands and it has forged strategic partnerships with India’s top designers such as Shantnu & Nikhil, Tarun Tahiliani, Sabyasachi, and House of Masaba. Recently, the Company further expanded its ethnic wear leadership with the integration of TCNS brands, home to leading women’s brands W, Aurelia, Wishful, Elleven and Folksong. To address the evolving preferences of digitally native consumers, ABFRL is also building a portfolio of new-age, digital-first fashion brands under its tech-led venture TMRW. This platform collaborates with emerging entrepreneurs to co-create scalable fashion businesses in India’s rapidly expanding fashion ecosystem.

Levi Strauss & Co.

cb levistrauss.com

You’re an original. So are we. We’re a company of people who like to forge our own path. We invented the blue jean in 1873, and we reinvented khaki pants in 1986. We pioneered labor and environmental guidelines in manufacturing. And we work to build sustainability into everything we do. We just might be the original startup. Our brands — Levi’s®, Dockers®, Beyond Yoga®, Denizen® and Signature by Levi Strauss & Co.™ — stand for freedom and self-expression around the world. And for more than 170 years, we’ve used the strength of our brands to lead with our values and make an outsized impact on the world. There’s plenty of room to make your mark here. We employ more than 15,000 people around the world, and this is a place where everyone contributes to the conversation. Levi Strauss & Co. is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law.

J.Crew

jcrew.com

Since 1983, we’ve been designing pieces that feel both familiar and refreshingly new, crafted with unbeatable quality and distinctive point of view...it’s no wonder we’ve been in your closet for four decades and counting. Today, we continue to do the classics our way, inspiring not only how you shop but also how you express your personal style. Our commitment runs deeper than just making great clothes—we're proud of our role in getting you dressed with confidence, character and the unique style sensibility that makes us who we are.

Loading…

NEWS

Oliver Peoples CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

August 12, 2025 07:00 AM

Shocking amount of Aussies hit by cybercrime last year

The alarming figures came to light in a new report, despite more people feeling they were confident at using technology than the previous...

Read Article

May 17, 2024 07:00 AM

ChatGPT-4o Is Wildly Capable, But It Could Be A Privacy Nightmare

OpenAI's ChatGPT-4o comes with impressive capabilities, but it also poses privacy risks. Here's everything you need to know.

Read Article

May 26, 2023 09:16 AM

Careers

EssilorLuxottica Careers: join our global team of visionaries dedicated to improving lives by improving sight. Explore our job opportunities today.

Read Article

October 04, 2021 07:00 AM

A system of systems: Cooperation on maritime cybersecurity

This report segments the MTS into three discrete systems—ships, ports, and cargo—each with its own life cycle...

Read Article

January 08, 2018 08:00 AM

Journalism schools still behind on cybersecurity training, new survey finds

The majority of journalism schools surveyed devote less than two hours to digital security training. Yet, new data collected by the Citizen Lab suggests that...

Read Article

February 25, 2016 08:00 AM

Australia’s top hackers get PM’s awards

Three teams of UNSW hackers made history in 2015, taking out – for the third year in a row – 1st, 2nd and 3rd in the Australia's toughest...

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-53430

SUMMARY

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.ex and program routines 'Elixir.GRPC.Compressor.Gzip':decompress/1, 'Elixir.GRPC.Message':from_data/2. 'Elixir.GRPC.Compressor.Gzip':decompress/1 calls :zlib.gunzip/1 directly on attacker-controlled bytes with no decompressed-size limit, ratio check, or incremental decoding. Because this module is the registered gzip GRPC.Compressor implementation, it is invoked automatically whenever an incoming gRPC frame carries the grpc-encoding: gzip header. :zlib.gunzip/1 allocates the entire decompressed result as a single binary, so a small highly compressible payload (for example a few kilobytes of zeros, which gzip compresses at roughly 1000:1) expands to multiple gigabytes inside a single call. The max_receive_message_length limit is enforced only against the already-decompressed message, so it provides no protection. An unauthenticated remote peer can send a single crafted frame to exhaust the BEAM node's heap and trigger an out-of-memory kill. This issue affects grpc: from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48854

SUMMARY

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':read_full_body/3 (lib/grpc/server/adapters/cowboy/handler.ex) accumulates every received chunk into a single growing binary with no size cap. Additionally, when the client omits the grpc-timeout header, the per-chunk read timeout resolves to :infinity, allowing a slow-trickle client to keep the connection alive indefinitely while memory grows. A single connection is sufficient to exhaust server memory and crash the node. This issue affects grpc from 0.3.1 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48853

SUMMARY

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code execution on the server. 'Elixir.GRPC.Codec.Erlpack':decode/2 (lib/grpc/codec/erlpack.ex) calls :erlang.binary_to_term/1 on the raw gRPC message body without the :safe option, no size bound, and no type guard. Any unauthenticated peer that sends a request with Content-Type: application/grpc+erlpack can send a crafted payload that mints arbitrary new atoms (which are never garbage-collected, exhausting the bounded atom table and crashing the VM) or that encodes a fun term which, if applied anywhere downstream, executes attacker-controlled code inside the server process. This issue affects grpc from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 9.2

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48723

SUMMARY

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile() function constructs a shell command by interpolating the user-controlled cypress_config_filepath value into a template literal, then executes it via child_process.execSync(). Shell metacharacters in the config path (specifically " and ;) allow breaking out of the quoted argument and injecting arbitrary commands. This issue has been fixed in version 1.36.6.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: 7.8)

cvss3

Base Score: 7.8

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score

5.9

Exploitability

1.8

REFERENCES

CVE-2026-48599

SUMMARY

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In 'Elixir.GRPC.Server.Transcode':map_request/5 (lib/grpc/server/transcode.ex), all three clauses use Map.merge/2 with path bindings as the first argument, giving them the lowest merge precedence. A request such as GET /users/me/profile?user_id=victim (or a POST with {"user_id": "victim"} when body: "*") yields a decoded protobuf struct where the path-bound field carries the attacker-supplied value rather than the router-extracted value. Any handler that uses the path-bound field for authorization, multi-tenancy scoping, or ownership checks is silently bypassed. This issue affects grpc from 0.8.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 7.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…