Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Smallstep

Smallstep Vendor Cyber Rating & Cyber Score

smallstep.com

Ensure that only company-owned devices can access financial data, code repositories, PII, SaaS apps, and other sensitive resources with hardware-bound credentials.


Smallstep A.I CyberSecurity Scoring

Smallstep
Company Information
Website:https://smallstep.com/
Employees number:32
Number of followers:2,368
NAICS:541514
Industry Type:Computer and Network Security
Homepage:smallstep.com
Smallstep Risk Score (AI oriented)
Between 700 and 749
logo
SmallstepComputer and Network Security
Updated:
01/04/2026
749/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Smallstep Global Score (TPRM)
xxxx
logo
SmallstepComputer and Network Security
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Smallstep
SmallstepModerate
Current Score
749Ba (MODERATE)
01000
1 incidents
-1 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
749Before Incident
JUNE 2026
749Before Incident
MAY 2026
749Before Incident
APRIL 2026
749Before Incident
MARCH 2026
749Before Incident
FEBRUARY 2026
748Before Incident
JANUARY 2026
748Before Incident
DECEMBER 2025
749Before Incident
Vulnerability
17 Dec 2025Smallstep
Smallstep: Libbiosig, Grassroot DiCoM, Smallstep step-ca vulnerabilities

Cisco Talos Discloses Critical Vulnerabilities in Medical and Security Software Libraries

748After Incident
CRITICAL-1
SMA1774456850
Cisco Talos Discloses Critical Vulnerabilities in Medical and Security Software Libraries Cisco Talos’ Vulnerability Discovery & Research team recently uncovered and disclosed multiple vulnerabilities in three widely used software libraries: Libbiosig, Grassroot DICOM, and Smallstep step-ca. While patches have been released for most flaws, the Grassroot DICOM vulnerabilities remain unpatched zero-days. ### Libbiosig: Stack-Based Buffer Overflows Researcher Mark Bereza identified six stack-based buffer overflow vulnerabilities (TALOS-2025-2296, CVE-2025-66043–CVE-2025-66048) in Libbiosig 3.9.1, an open-source library for biomedical signal processing. The flaws reside in the MFER parsing functionality, allowing attackers to execute arbitrary code by supplying a maliciously crafted MFER file. ### Grassroot DICOM: Zero-Day Information Leaks Emmanuel Tacheau discovered three out-of-bounds read vulnerabilities in Grassroot DICOM, a C++ library for medical imaging files. The flaws (TALOS-2025-2210, TALOS-2025-2211, TALOS-2025-2214) can expose sensitive data, including heap memory, when processing malicious files. Unlike the other vulnerabilities, these remain unpatched zero-days. ### Smallstep step-ca: Additional Flaws Researcher Stephen Kubik of Cisco’s Advanced Security Initiatives Group (ASIG) identified vulnerabilities in Smallstep step-ca, a certificate authority (CA) tool. Details on these flaws were not fully disclosed in the article, but patches have been issued. ### Impact & Response The vulnerabilities affect systems processing medical imaging, biomedical signals, and certificate management. While Libbiosig and Smallstep step-ca have released fixes, organizations using Grassroot DICOM should exercise caution until patches are available. Cisco Talos has provided detection rules via Snort to help identify exploitation attempts.
INCIDENT DETAILS -
TYPE
Vulnerability Disclosure
IMPACT
Data Compromised: Sensitive data exposure (heap memory, biomedical signals, medical imaging data)Systems Affected: Systems processing medical imaging, biomedical signals, and certificate managementOperational Impact: Potential arbitrary code execution, data leaks, and system compromise
DATA BREACH
Type Of Data Compromised: Biomedical signals, medical imaging data, heap memorySensitivity Of Data: High (medical and personal data)MFERDICOM
NOVEMBER 2025
749Before Incident
OCTOBER 2025
749Before Incident
SEPTEMBER 2025
749Before Incident
AUGUST 2025
749Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Smallstep ?
?
What was Smallstep's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Smallstep's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Smallstep's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Smallstep's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Smallstep's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Smallstep's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Smallstep's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Smallstep's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Smallstep's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Smallstep's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Smallstep's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Smallstep's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Smallstep ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Smallstep's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?