What is the official website of One Stop Stores Ltd ?

The official website of One Stop Stores Ltd is http://www.onestop.co.uk.

What is One Stop Stores Ltd's cybersecurity risk score?

One Stop Stores Ltd has an AI-generated cybersecurity risk score of 776 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has One Stop Stores Ltd experienced?

According to Rankiteo, One Stop Stores Ltd currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has One Stop Stores Ltd been affected by any supply chain cyber incidents ?

According to Rankiteo, One Stop Stores Ltd has been affected by multiple supply chain cyber incidents. The affected supply chain sources and their corresponding incident IDs are: Peter Green Chilled (Incident ID: MARCALWAISAITOYTHEMORPET-TE1772023906) Peter Green Chilled (Incident ID: PETBLATOT-TE1770804130)

Does One Stop Stores Ltd have SOC 2 Type 1 certification ?

According to Rankiteo, One Stop Stores Ltd is not certified under SOC 2 Type 1.

Does One Stop Stores Ltd have SOC 2 Type 2 certification ?

According to Rankiteo, One Stop Stores Ltd does not hold a SOC 2 Type 2 certification.

Does One Stop Stores Ltd comply with GDPR ?

According to Rankiteo, One Stop Stores Ltd is not listed as GDPR compliant.

Does One Stop Stores Ltd have PCI DSS certification ?

According to Rankiteo, One Stop Stores Ltd does not currently maintain PCI DSS compliance.

Does One Stop Stores Ltd comply with HIPAA ?

According to Rankiteo, One Stop Stores Ltd is not compliant with HIPAA regulations.

Does One Stop Stores Ltd have ISO 27001 certification ?

According to Rankiteo,One Stop Stores Ltd is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does One Stop Stores Ltd operate in ?

One Stop Stores Ltd operates primarily in the Retail industry.

How many employees does One Stop Stores Ltd have ?

One Stop Stores Ltd employs approximately 2,424 people worldwide.

Does One Stop Stores Ltd own any subsidiaries ?

One Stop Stores Ltd presently has no subsidiaries across any sectors.

How many LinkedIn followers does One Stop Stores Ltd have ?

One Stop Stores Ltd's official LinkedIn profile has approximately 14,411 followers.

What is the NAICS classification code for One Stop Stores Ltd ?

One Stop Stores Ltd is classified under the NAICS code 43, which corresponds to Retail Trade.

Does One Stop Stores Ltd have a Crunchbase profile ?

No, One Stop Stores Ltd does not have a profile on Crunchbase.

Does One Stop Stores Ltd have a LinkedIn profile ?

Yes, One Stop Stores Ltd maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/onestop-stores-ltd.

How many cybersecurity incidents has One Stop Stores Ltd experienced ?

As of June 16, 2026, Rankiteo reports that One Stop Stores Ltd has experienced 8 cybersecurity incidents.

How many peer or competitor companies does One Stop Stores Ltd have ?

One Stop Stores Ltd has an estimated 15,857 peer or competitor companies worldwide.

What types of cybersecurity incidents has One Stop Stores Ltd faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability, Breach, Data Leak and Cyber Attack.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

OSSL

Boost Score +25 with badge (5 left)

776

/1000

Fair

801

/1000

Good

One Stop Stores Ltd Vendor Cyber Rating & Cyber Score

onestop.co.uk

Add Your Compliance Badge

One Stop is a retail convenience business with over 1000 shops. We aim to be the best store for our customers in your neighbourhood. Since 2003 we have been a subsidiary of Tesco, but we operate as a separate business. With over 10,600 colleagues, we are a major employer. 5 great reasons to join us: • We're successful, we're growing and we always try and do the best for our customers. • Working for One stop is not just a job – it’s a career, with industry leading accredited or endorsed programmes and a commitment to develop our talent internally. • We offer a variety of roles across our Stores, Head Office and Distribution Centres, so you should find something right up your street. • We offer great rewards and benefits in recognition of

OSSL A.I CyberSecurity Scoring

Scoring History

OSSL

One Stop Stores Ltd CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

Tesco

Vulnerability

3/2026

AST-TESHE177367...

Tesco

Cyber Attack

5/2025

Peter Green Chi...

MARCALWAISAITOY...

Tesco

Cyber Attack

100

5/2025

Peter Green Chi...

PETBLATOT-TE177...

One Stop Stores Ltd

Cyber Attack

10/2021

TES18811222

One Stop Stores Ltd

Breach

100

6/2021

-TE442014409192...

One Stop Stores Ltd

Data Leak

3/2020

TES14324423

One Stop Stores Ltd

Data Leak

03/2018

TES20379622

One Stop Stores Ltd

Data Leak

02/2014

TES122441222

Loading…

A.I.

OSSL Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for OSSL

Incidents vs Retail Industry Avg (This Year)

No incidents recorded for One Stop Stores Ltd in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for One Stop Stores Ltd in 2026.

Incident Types OSSL vs Retail Industry Avg (This Year)

No incidents recorded for One Stop Stores Ltd in 2026.

Incident History - OSSL (X = Date, Y = Severity)

Loading…

SUBSIDIARY

One Stop Stores Ltd Subsidiaries

OSSL

Retail

Website: http://www.onestop.co.uk

Company Size: 2,424

TescoRetail

One Stop Commercial PropertyReal Estate

One Stop FranchiseRetail

Loading…

One Stop Stores Ltd Similar Companies

H&M Group

hmgroup.com

Founded in 1947, H&M Group is a global design company with ~4,702 stores in 76 markets and 56 online markets. At H&M Group, we believe in making great design available to everyone. It’s essential in everything we do. Our family of brands and business ventures offer customers around the world a wealth of fashion, beauty, accessories and homeware, as well as modern menus with fresh and local produce at some of the brands’ in-store eateries. But design is so much more than just products; it’s about clever design processes, efficient product flows, creating experiences that enrich, and smart solutions that benefit all our customers. Sustainability is always at the core of our business. Not only because we like to do what’s right — but it’s also beneficial for our business. We will continue to push for change and lead the way towards a more inclusive and sustainable fashion future. Do you want to join us? We will trust you with great responsibility right from the start, reward a passionate mindset and encourage an entrepreneurial spirit. When you start a career with H&M Group, there’s no limit to where it can take you. H&M Group's Moderation Policy: Welcome to H&M Group’s official LinkedIn page. Ask questions, exchange ideas and meet members and employees from all over the world. This page is moderated daily and we always do our best to answer each one of you in a timely manner. Please remember to keep a friendly tone and in line with LinkedIn’s legal terms at https://www.linkedin.com/legal/user-agreement Comments and posts that contain foul language, are off-topic or unnecessarily rude will be deleted. We also encourage you to report any inappropriate content. We use an external tool to handle the comments on our page, so please note that your comments can be stored. For questions, please contact our team at [email protected].

Canadian Tire Corporation

canadiantire.ca

Canadian Tire Corporation, Limited (“CTC”) is one of Canada’s most admired and trusted companies. With world-class owned brands and exciting market-leading merchandising strategies, we are continually innovating with purpose: to be there for Canadians from coast-to-coast. We are a group of companies that includes a retail segment, a financial services division and CT REIT. Our retail business is led by Canadian Tire, which was founded in 1922 and provides Canadians with products for life in Canada across its Living, Playing, Fixing, Automotive and Seasonal & Gardening categories. Party City, PartSource and Gas+ are key parts of the Canadian Tire network. Our retail segment also includes Mark's, a leading source for casual and industrial wear, Pro Hockey Life, a hockey speciality store catering to elite athletes, and SportChek, Hockey Experts, Sports Experts, and Atmosphere, which offer the best active wear brands. Our 1,700 retail and gasoline outlets are supported and strengthened by our Financial Services division and the tens of thousands of people employed across the country by our Company, local Dealers, franchisees and petroleum retailers. In addition, CTC owns and operates Helly Hansen, a leading technical outdoor brand based in Oslo, Norway. CTC is an integral part of the communities in which we operate and our legacy of community support, through national and local programs, is initiated and executed by our Corporation, Dealers, franchisees, store operators and employees. Since 2005, our Canadian Tire Jumpstart Charities has been helping kids overcome financial and accessibility barriers to sport and recreation in an effort to provide inclusive play for all kids of all abilities. For more information, visit corp.canadiantire.ca.

Sam's Club

samsclub.com

Sam’s Club (Nasdaq: WMT) a division of Walmart Inc., is the membership warehouse club solution for everyday living. Our President and CEO is Chris Nicholas and our headquarters is in Bentonville, AR. For the fiscal year ending January 31, 2023, Sam’s Club’s total revenue was $84.3 billion. There are almost 600 clubs across the U.S and Puerto Rico and each averages approximately 136,000 square feet. Our first club opened in Midwest City, Oklahoma, in 1983. Many clubs include sustainable features such as day-lighting with skylights, night dimming, central energy management, water-conserving fixtures, natural concrete floors and recycling. Sam’s Club employs thousands of associates in the U.S. and Puerto Rico. Approximately 75 percent of club management was promoted from hourly positions. In addition to the leading national brands, Sam's Club also features Member's Mark, an exclusive, premium-quality private brand. Member's Mark products are exclusive designs that use top-of-the-line materials and the highest quality ingredients to make sure they have the best quality and value at members-only prices. A Sam’s Club membership can more than pay for itself with exclusive savings on the items you need, the items you love and all sorts of unexpected items. Sam’s Club focuses on providing members with exclusive savings and quality merchandise, as well as services like Delivery from Club and Curbside Pickup, savings on fuel, full-service Pharmacy and more. We offer our members the most choices on how to shop with us, anywhere, any time. With over 40 years of innovating in the category, Sam’s Club continues to redefine club membership shopping with its curated assortment of quality fresh food and Member’s Mark® items, in addition to market leading technologies and services like Scan & Go™️, curbside pickup and home delivery. Visit the Sam's Club Newsroom, shop at SamsClub.com or connect with Sam's Club on LinkedIn, X, Facebook, Instagram, TikTok and Pinterest.

Sears

bit.ly

Sears is a leading integrated retailer and provider focused on seamlessly connecting the digital and physical shopping experiences to serve our members - wherever, whenever and however they want to shop. We are part of the Transformco family of brands which operates through its subsidiaries, including Sears Home Services and Kmart, with full-line and specialty retail stores across the United States. We are also home to Shop Your Way®, a social shopping platform offering members rewards for shopping at Sears and Kmart as well as with other retail partners. The company is the nation's largest provider of home services, with more than 14 million service and installation calls made annually. For more information, visit https://jobs.sears.com/.

Arbonne

arbonne.com

Arbonne, creates personal skincare and wellness products that are crafted with premium botanical ingredients and innovative scientific discovery. Delivering on the Company’s commitment to pure, safe and beneficial products, Arbonne’s personal care and nutrition formulas are vegan certified and adhere to a strict Purity and Safety Ingredient Policy. The History The idea to provide skin care products unparalleled in quality and effectiveness developed in Switzerland in 1975, when one man, Petter Mørck, together with a group of leading bio-chemists, biologists and herbalists, fulfilled his vision and founded Arbonne. Arbonne's skin care products, based on botanical principles, became a reality in the United States in 1980 and are now shared throughout the world through Arbonne's network of Independent Consultants. Building on these same founding principles, Arbonne's product line has since grown to include both inner and outer health and beauty products that are unparalleled in quality, safety, value, benefits and results! The wonderful thing about Arbonne is that it's not just about great products, it's also about great people. The Arbonne family is made up of thousands of individuals working to make their dreams come true. Through sales incentives and rewards, travel opportunities, a generous SuccessPlan and great products, Arbonne offers a unique opportunity that can help make anyone's vision for the future a reality.

Ulta Beauty

cb ulta.com

At Ulta Beauty (NASDAQ: ULTA), the possibilities are beautiful. Ulta Beauty is the largest U.S. beauty retailer and the premier beauty destination for cosmetics, fragrance, skin care products, hair care products and salon services. In 1990, the Company reinvented the beauty retail experience by offering a new way to shop for beauty – bringing together all things beauty, all in one place. Today, Ulta Beauty has grown to become the top national retailer offering the complete beauty experience. Ulta Beauty brings possibilities to life through the power of beauty each and every day in our stores and online with more than 25,000 products from approximately 500 well-established and emerging beauty brands across all categories and price points, including Ulta Beauty’s own private label. Ulta Beauty also offers a full-service salon in every store featuring hair, skin, brow, and make-up services. Ulta Beauty is recognized for its commitment to personalized service, fun and inviting stores and our industry-leading Ultamate Rewards loyalty program. ALERT: We are aware of a scam whereby imposters are posing as employees from Ulta Beauty and vendors to Ulta Beauty. Beware of anyone requesting financial or personal information. At Ulta Beauty, we take pride in creating a best in class candidate experience. During the recruitment process, no recruiter or employee will request financial or personal information (Social Security Number, credit card, driver’s license or bank information, etc.) from you via text or email. If you are suspicious of a job posting or job-related email mentioning Ulta Beauty, let us know by contacting us at 630-410-4800 or email [email protected].

Best Buy

bestbuy.com

At Best Buy, our purpose is to enrich lives through technology. We do that by leveraging our unique combination of tech expertise and human touch to meet our customers’ everyday needs, whether they come to us online, visit our stores or invite us into their homes. With over 1,000 stores and more than 90,000 employees in the United States and Canada, we solve key human needs in the areas of productivity, security, health, entertainment, connectivity, and more. We’re a community of courageous change-makers, ambitious collaborators, and inspiring friends. Whether it’s working as a Geek Squad Agent, an in-store advisor, or in our corporate office, we offer each other support and prepare for what might come next. We wake up every morning so we can do our part in shaping the future of a changing world. Together, we raise the bar for what’s possible and dream up new solutions to problems we’ve never encountered. We master innovative skills that we didn’t know were within grasp and turn everyday interactions into human connections built to last. If change motivates you, if technology inspires you — we’re here for you. Tomorrow works here™.

Tupperware

tupperware.com

Founded in 1946, Tupperware's signature container created the modern food storage category that revolutionized the way the world stores, serves and prepares food. Today, we continue to innovate for the benefit of people and our planet by designing innovative, functional and environmentally responsible products that people love and trust. With a purpose to nurture a better future, Tupperware products are alternatives to single-use items - meant to reduce food waste and single-use plastic waste. We distribute our products into nearly 80 countries primarily through independent representatives around the world.

Costa Coffee

costa.co.uk

At Costa Coffee, we’ve been crafting with heart and changing the coffee game since 1971. Now part of The Coca-Cola Company, we proudly operate in over 50 countries, and we’re still growing! And we’re much more than our beloved stores. Consumers all over the world can now enjoy Costa Coffee in our Ready-To-Drink range, our innovative self-serve machines, including Express, or our thriving At Home offering. And let’s not forget our global partnerships that help us trailblaze new markets and spaces every single day. Here at Costa, we’re all about reimagining coffee experiences to make a difference.*** Along with our growth ambitions, we really do care about the communities we serve. From local charity partners, to coffee farmers and our much-loved Costa Foundation, making a difference is part of who we are. At the heart of our culture are our values: discipline, passion, warmth, courage, and trust. We are Disciplined to Deliver, have a Passion for Progress, we Win with Warmth, have the Courage to Challenge, and are Trusted Team Players. For us, it’s about creating a supportive and inclusive environment where everyone can be themselves, take on new challenges and enjoy some amazing career experiences. Sound like your cup of coffee? Take a look at our latest opportunities below. https://costacareers.co.uk/

Loading…

NEWS

One Stop Stores Ltd CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

October 16, 2025 02:00 PM

Oracle’s new marketplace is a one-stop shop for enterprise AI agents

The cloud giant is the latest in a string of firms to launch AI marketplaces.

Read Article

September 09, 2025 07:00 AM

This nuclear stock is a one-stop shop to play the nuclear power resurgence, CLSA says

Cameco is a one-stop shop for investors to play the nuclear power resurgence, according to CLSA.

Read Article

August 05, 2025 07:00 AM

Palo Alto CEO Nikesh Arora confronts Wall Street skeptics after company’s biggest bet yet

Palo Alto Networks' market cap has increased sixfold since Nikesh Arora joined as CEO in 2018, but not all investors are sold on his latest...

Read Article

June 27, 2025 07:00 AM

Stop & Shop Parent Gives 'Update' On Major Security Breach

Ahold Delhaize USA Services Wednesday announced an update about a major cybersecurity breach that disclosed last fall.

Read Article

June 27, 2025 07:00 AM

B2B customers have spoken. Will telcos listen?

Our latest survey of tech and telco B2B decision-makers shows that operators should expand beyond core connectivity to keep up with...

Read Article

June 19, 2025 07:00 AM

ND Information Technology beginning to roll out a 'one stop shop' for state government agencies

Call it a “one stop shop.” The state of North Dakota has begun its efforts to set up a single portal for people to access state agencies.

Read Article

May 24, 2025 07:00 AM

Security News This Week: The US Is Building a One-Stop Shop for Buying Your Data

Plus: A mysterious hacking group's secret client is exposed, Signal takes a swipe at Microsoft Recall, Russian hackers target security...

Read Article

May 21, 2025 07:00 AM

Dell wants to be your one-stop shop for enterprise AI infrastructure

The Dell AI Factory claims to speed up data throughput and lower latency for making AI predictions at the edge. Here's how the pieces come together.

Read Article

May 20, 2025 07:00 AM

Sidley Poaches Kirkland Funds Partner, Chasing ‘One-Stop Shop’

Sidley Austin hired long-time Kirkland & Ellis partner John Muno in a bid to bolster its fund formation capacity to compete with Big Law's top private equity...

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-53430

SUMMARY

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.ex and program routines 'Elixir.GRPC.Compressor.Gzip':decompress/1, 'Elixir.GRPC.Message':from_data/2. 'Elixir.GRPC.Compressor.Gzip':decompress/1 calls :zlib.gunzip/1 directly on attacker-controlled bytes with no decompressed-size limit, ratio check, or incremental decoding. Because this module is the registered gzip GRPC.Compressor implementation, it is invoked automatically whenever an incoming gRPC frame carries the grpc-encoding: gzip header. :zlib.gunzip/1 allocates the entire decompressed result as a single binary, so a small highly compressible payload (for example a few kilobytes of zeros, which gzip compresses at roughly 1000:1) expands to multiple gigabytes inside a single call. The max_receive_message_length limit is enforced only against the already-decompressed message, so it provides no protection. An unauthenticated remote peer can send a single crafted frame to exhaust the BEAM node's heap and trigger an out-of-memory kill. This issue affects grpc: from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48854

SUMMARY

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':read_full_body/3 (lib/grpc/server/adapters/cowboy/handler.ex) accumulates every received chunk into a single growing binary with no size cap. Additionally, when the client omits the grpc-timeout header, the per-chunk read timeout resolves to :infinity, allowing a slow-trickle client to keep the connection alive indefinitely while memory grows. A single connection is sufficient to exhaust server memory and crash the node. This issue affects grpc from 0.3.1 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48853

SUMMARY

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code execution on the server. 'Elixir.GRPC.Codec.Erlpack':decode/2 (lib/grpc/codec/erlpack.ex) calls :erlang.binary_to_term/1 on the raw gRPC message body without the :safe option, no size bound, and no type guard. Any unauthenticated peer that sends a request with Content-Type: application/grpc+erlpack can send a crafted payload that mints arbitrary new atoms (which are never garbage-collected, exhausting the bounded atom table and crashing the VM) or that encodes a fun term which, if applied anywhere downstream, executes attacker-controlled code inside the server process. This issue affects grpc from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 9.2

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48723

SUMMARY

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile() function constructs a shell command by interpolating the user-controlled cypress_config_filepath value into a template literal, then executes it via child_process.execSync(). Shell metacharacters in the config path (specifically " and ;) allow breaking out of the quoted argument and injecting arbitrary commands. This issue has been fixed in version 1.36.6.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: 7.8)

cvss3

Base Score: 7.8

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score

5.9

Exploitability

1.8

REFERENCES

CVE-2026-48599

SUMMARY

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In 'Elixir.GRPC.Server.Transcode':map_request/5 (lib/grpc/server/transcode.ex), all three clauses use Map.merge/2 with path bindings as the first argument, giving them the lowest merge precedence. A request such as GET /users/me/profile?user_id=victim (or a POST with {"user_id": "victim"} when body: "*") yields a decoded protobuf struct where the path-bound field carries the attacker-supplied value rather than the router-extracted value. Any handler that uses the path-bound field for authorization, multi-tenancy scoping, or ownership checks is silently bypassed. This issue affects grpc from 0.8.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 7.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…