What is the official website of Storm Reply ?

The official website of Storm Reply is http://www.reply.com/storm-reply/.

What is Storm Reply's cybersecurity risk score?

Storm Reply has an AI-generated cybersecurity risk score of 760 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has Storm Reply experienced?

According to Rankiteo, Storm Reply currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Storm Reply been affected by any supply chain cyber incidents ?

According to Rankiteo, Storm Reply has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Storm Reply have SOC 2 Type 1 certification ?

According to Rankiteo, Storm Reply is not certified under SOC 2 Type 1.

Does Storm Reply have SOC 2 Type 2 certification ?

According to Rankiteo, Storm Reply does not hold a SOC 2 Type 2 certification.

Does Storm Reply comply with GDPR ?

According to Rankiteo, Storm Reply is not listed as GDPR compliant.

Does Storm Reply have PCI DSS certification ?

According to Rankiteo, Storm Reply does not currently maintain PCI DSS compliance.

Does Storm Reply comply with HIPAA ?

According to Rankiteo, Storm Reply is not compliant with HIPAA regulations.

Does Storm Reply have ISO 27001 certification ?

According to Rankiteo,Storm Reply is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does Storm Reply operate in ?

Storm Reply operates primarily in the IT Services and IT Consulting industry.

How many employees does Storm Reply have ?

Storm Reply employs approximately 434 people worldwide.

Does Storm Reply own any subsidiaries ?

Storm Reply presently has no subsidiaries across any sectors.

How many LinkedIn followers does Storm Reply have ?

Storm Reply's official LinkedIn profile has approximately 305,543 followers.

What is the NAICS classification code for Storm Reply ?

Storm Reply is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.

Does Storm Reply have a Crunchbase profile ?

No, Storm Reply does not have a profile on Crunchbase.

Does Storm Reply have a LinkedIn profile ?

Yes, Storm Reply maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/storm-reply.

How many cybersecurity incidents has Storm Reply experienced ?

As of June 16, 2026, Rankiteo reports that Storm Reply has not experienced any cybersecurity incidents.

How many peer or competitor companies does Storm Reply have ?

Storm Reply has an estimated 40,696 peer or competitor companies worldwide.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

Storm Reply

Boost Score +25 with badge (5 left)

760

/1000

Fair

785

/1000

Fair

Storm Reply Vendor Cyber Rating & Cyber Score

reply.com

Add Your Compliance Badge

Storm Reply is a global AWS Premier Consulting Partner and a specialist for professional cloud computing services in the Reply network. Storm Reply holds comprehensive technical expertise on the most relevant enablers of digital transformation including Cloud, Big Data, IoT, and Cybersecurity - addressed by a clear understanding of the business factors. Having consolidated experience and certifications in Cloud IaaS, SaaS, and PaaS architectures, Storm Reply provides end-to-end services for Cloud adoption: - Cloud Strategy, Advisory and Migration - Public, Private & Hybrid Cloud Architectures Design & Deployment - Cloud Native Software Development - Cloud Security Fully Managed Operations 24x7 - ROI & TCO

Storm Reply A.I CyberSecurity Scoring

Scoring History

Storm Reply

Storm Reply CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

No data available

Loading…

A.I.

Storm Reply Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for Storm Reply

Incidents vs IT Services and IT Consulting Industry Avg (This Year)

No incidents recorded for Storm Reply in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Storm Reply in 2026.

Incident Types Storm Reply vs IT Services and IT Consulting Industry Avg (This Year)

No incidents recorded for Storm Reply in 2026.

Incident History - Storm Reply (X = Date, Y = Severity)

Loading…

SUBSIDIARY

Storm Reply Subsidiaries

Storm Reply

IT Services and IT Consulting

Website: http://www.reply.com/storm-reply/

Company Size: 434

124

ReplyIT Services and IT Consulting

Open Reply ITIT Services and IT Consulting

Concept Reply GmbHInformation Technology & Services

AIM ReplyIT Services and IT Consulting

Sense ReplyIT Services and IT Consulting

Airwalk ReplyIT Services and IT Consulting

Sprint Reply ITInformation Technology & Services

Blue Reply ITIT Services and IT Consulting

Concept Reply USInformation Technology & Services

Solidsoft ReplyIT Services and IT Consulting

Logistics Reply UKSoftware Development

Roboverse Reply DEIT Services and IT Consulting

Business Elements ReplyIT Services and IT Consulting

Life At ReplyIT Services and IT Consulting

Avantage ReplyFinancial Services

IFRS 9Financial Services

Compliance and Conduct RiskFinancial Services

CLUSTER REPLYIT Services and IT Consulting

BitmamaAdvertising Services

Xister ReplyAdvertising Services

Nexi DigitalFinancial Services

Valorem ReplyIT Services and IT Consulting

Valorem Reply - Technology Industry SolutionsIT Services and IT Consulting

Lynx RecruitmentStaffing and Recruiting

Wemanity MarocIT Services and IT Consulting

Syskoplan Reply USIT Services and IT Consulting

Threepipe ReplyAdvertising Services

Cloud9 ReplyIT Services and IT Consulting

WM ReplyIT Services and IT Consulting

Technology ReplySoftware Development

Mansion House ConsultingBusiness Consulting and Services

Wemanity BelgiumInformation Technology & Services

Net ReplyIT Services and IT Consulting

Go ReplyIT Services and IT Consulting

Concept Engineering ReplyIT Services and IT Consulting

Machine Learning Reply GmbHIT Services and IT Consulting

ATLAS REPLYIT Services and IT Consulting

Cluster Reply DEIT Services and IT Consulting

TD ReplyBusiness Consulting and Services

Sytel ReplyIT Services and IT Consulting

Whitehall ReplyIT Services and IT Consulting

Data Reply FRInformation Technology & Services

Connect ReplyIT Services and IT Consulting

Laife ReplyInformation Technology & Services

Business ReplySoftware Development

Comsysto Reply GmbHIT Services and IT Consulting

Aktive ReplyInformation Technology & Services

ARLANIS REPLY ITIT Services and IT Consulting

Canvas ReplyIT Services and IT Consulting

Graymatter ReplyAdvertising Services

Graymatter REPLY DigitalAdvertising Services

Light ReplyIT Services and IT Consulting

Triplesense ReplyTechnology, Information and Internet

Syskoplan Reply DACHInformation Technology & Services

Logistics Reply DESoftware Development

4brands ReplyInformation Technology & Services

Pay ReplyInformation Technology & Services

Technology Reply RomaniaIT Services and IT Consulting

Blue Reply DEIT Services and IT Consulting

Shield ReplyIT Services and IT Consulting

Autonomous Reply FRIT Services and IT Consulting

Accelerator 365 by ReplySoftware Development

Cortex Reply DEIT Services and IT Consulting

Cortex Reply UKTechnology, Information and Internet

Spike Reply LuxembourgIT Services and IT Consulting

Liquid ReplyIT Services and IT Consulting

Fincon Reply GmbHInformation Services

Sprint Reply DEIT Services and IT Consulting

Spike ReplyIT Services and IT Consulting

Communication Valley ReplyComputer and Network Security

Spur ReplyBusiness Consulting and Services

KI ReplyInformation Technology & Services

Sprint Reply BEIT Services and IT Consulting

Concept Quality ReplyIT Services and IT Consulting

Core ReplyInformation Technology & Services

Starbytes.itInformation Technology & Services

Comwrap Reply DACHTechnology, Information and Internet

Reply ChallengesFornitori di e-learning

Target ReplyData Infrastructure and Analytics

Data Reply ITIT Services and IT Consulting

Wemanity NetherlandsProfessional Training and Coaching

Blockchain ReplyIT Services and IT Consulting

Data Reply DEInformation Technology & Services

Leadvise ReplyBusiness Consulting and Services

Digital Transformation der Regulatory AffairsUnternehmensberatung

Data Reply UKIT Services and IT Consulting

Logistics Reply USSoftware Development

Infinity Reply ITIT Services and IT Consulting

Storm Reply DEIT Services and IT Consulting

Like ReplyAdvertising Services

Target Reply RomeIT Services and IT Consulting

Wemanity Learning CenterDéveloppement professionnel et coaching

HERMES REPLYInformation Technology & Services

Open Reply UKInformation Technology & Services

Sytel Reply NorthInformation Technology & Services

Machine Learning ReplyIT Services and IT Consulting

Open ReplyInformation Technology & Services

ARLANIS REPLYIT Services and IT Consulting

Up ReplyIT Services and IT Consulting

Glue ReplyIT Services and IT Consulting

Red Reply DEIT Services and IT Consulting

Live Reply ItalyIT Services and IT Consulting

Neo ReplyIT Services and IT Consulting

Net Reply UKIT Services and IT Consulting

Live Reply DEIT Services and IT Consulting

Brick Reply | IT Solutions and Services for ManufacturingSoftware Development

Storm Reply, Inc.Professional Services

e*finance consulting ReplyFinancial Services

Air ReplyIT Services and IT Consulting

Eos ReplyIT Services and IT Consulting

Spike Reply UKTechnology, Information and Internet

Infinity Reply DEIT Services and IT Consulting

Open Reply Benelux - FranceBusiness Consulting and Services

Zest ReplyIT Services and IT Consulting

Arlanis Reply UKIT Services and IT Consulting

Sprint Reply UKIT Services and IT Consulting

Macros Reply GmbHIT Services and IT Consulting

Cluster Reply PLIT Services and IT Consulting

Atomic ReplyBusiness Consulting and Services

Industrie Reply USMotor Vehicle Manufacturing

Alpha ReplyIT Services and IT Consulting

Nimbus ReplyIT Services and IT Consulting

Affinity ReplyIT Services and IT Consulting

Ki Reply UKIT Services and IT Consulting

Loading…

Storm Reply Similar Companies

TransUnion

transunion.com

TransUnion is a global information and insights company that makes trust possible in the modern economy. We do this by providing an actionable picture of each person so they can be reliably represented in the marketplace. As a result, businesses and consumers can transact with confidence and achieve great things. This picture is grounded in our legacy as a credit reporting agency which enables us to tap into both credit and public record data; our data fusion methodology that helps us link, match and tap into the awesome combined power of that data; and our knowledgeable and passionate team, who stewards the information with expertise, and in accordance with local legislation around the world. A leading presence in more than 30 countries across five continents, TransUnion provides solutions that help create economic opportunity, great experiences and personal empowerment for hundreds of millions of people. We call this Information for Good® — it’s our purpose, and what drives us every day. Contact Us Customer support: https://transu.co/60024D64I Business support: https://transu.co/60044D67G

TEKsystems

teksystems.com

We’re TEKsystems and TEKsystems Global Services. We accelerate business transformation for our customers, so they can capitalize on change and master the momentum of technology. Our expertise in strategy, design, execution and operations unlocks business value through a range of solutions. We’re building tomorrow by delivering business outcomes and making positive impacts in our global communities. TEKsystems and TEKsystems Global Services are Allegis Group companies.

ASGN Incorporated

asgn.com

ASGN Incorporated (NYSE: ASGN) is a leading provider of IT services and solutions across the commercial and government sectors. ASGN helps corporate enterprises and government organizations develop, implement and operate critical IT and business solutions through its integrated offerings. For more information, please visit asgn.com. *Please note: Our company does not use the Telegram app, Google Hangouts, or communicate using non-corporate email account addresses. For more about what we do and do not ask for in the hiring process, please visit: https://www.asgn.com/fraud-alert

Iron Mountain

cb ironmountain.com

In the era of AI, your data is your advantage. Yet too often it remains untapped: disconnected from systems, underutilized, untrained, and exposed to risk. Iron Mountain is the trusted partner for organizations of all sizes to unlock what’s possible, transforming information into intelligence and assets into advantage. How? By seamlessly managing digital and physical assets of all kinds across their lifecycle—making them visible, secure, accessible, and AI-ready. From payments to pathology, mortgages to media, fine art to IT, we’ve helped more than 240,000 customers around the world, including 95% of the Fortune 1000, unlock more value from what’s already within reach. All with unparalleled security, governance, and sustainability at every step. What can we unlock together?

Swisscom

swisscom.ch

As No. 1, we inspire people in the connected world. With the latest technologies and innovations, together we have the opportunity to shape the future. To do this, we are and act trustworthy, committed and curious. Are you with us? Join us on this exciting journey and work with us or in one of the DevOps Centres in Riga or Rotterdam in different business areas on the latest technological trends. Find out more about us and our vacancies on our careers page: www.swisscom.ch/career We look forward to hearing from you!

Amazon Web Services (AWS)

amazon.com

Launched in 2006, Amazon Web Services (AWS) began exposing key infrastructure services to businesses in the form of web services -- now widely known as cloud computing. The ultimate benefit of cloud computing, and AWS, is the ability to leverage a new business model and turn capital infrastructure expenses into variable costs. Businesses no longer need to plan and procure servers and other IT resources weeks or months in advance. Using AWS, businesses can take advantage of Amazon's expertise and economies of scale to access resources when their business needs them, delivering results faster and at a lower cost. Today, Amazon Web Services provides a highly reliable, scalable, low-cost infrastructure platform in the cloud that powers hundreds of thousands of businesses in 190 countries around the world. With data center locations in the U.S., Europe, Singapore, and Japan, customers across all industries are taking advantage of our low cost, elastic, open and flexible, secure platform.

HGS

hgs.cx

A global leader in optimizing the customer experience lifecycle, digital transformation, and business process management, HGS is helping its clients become more competitive every day. HGS combines automation, analytics, and artificial intelligence with deep domain expertise focusing on digital customer experiences, back-office processing, contact centers, and HRO solutions. Part of the multi-billion-dollar conglomerate Hinduja Group, HGS takes a “globally local” approach with over 18,000+ employees across 38 delivery centers in 9 countries.

Tech Mahindra

techmahindra.com

Tech Mahindra offers technology consulting and digital solutions to global enterprises across industries, enabling transformative scale at unparalleled speed. With 149k+ professionals across 90+ countries helping 1100+ clients, TechM provides a full spectrum of services including consulting, information technology, enterprise applications, business process services, engineering services, network services, customer experience & design services, AI & analytics, and cloud & infrastructure services. It is the first Indian company in the world to have been awarded the Sustainable Markets Initiative’s Terra Carta Seal, in recognition of actively leading the charge to create a climate and nature-positive future. Tech Mahindra (NSE: TECHM) is part of the Mahindra Group, founded in 1945, one of the largest and most admired multinational federations of companies. Visit www.techmahindra.com to #ScaleAtSpeed

Inetum

inetum.com

Inetum is a European leader in digital services. Inetum’s team of 27,000 consultants and specialists strive every day to make a digital impact for businesses, public sector entities and society. Inetum’s solutions aim at contributing to its clients’ performance and innovation as well as the common good. Present in 19 countries with a dense network of sites, Inetum partners with major software publishers to meet the challenges of digital transformation with proximity and flexibility. Driven by its ambition for growth and scale, Inetum generated sales of 2.4 billion euros in 2024. 🏅 Top Employer Europe 2025

Loading…

NEWS

Storm Reply CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

December 09, 2025 10:04 AM

Reply Achieves the AWS Agentic AI Specialization and Is Named an Implementation Partner for Amazon Bedrock AgentCore

TURIN, Italy–(BUSINESS WIRE)–Reply [EXM, STAR: REY] announced that it has achieved the Amazon Web Services (AWS) Agentic AI Specialization,...

Read Article

October 30, 2025 02:46 PM

Frank Reply at the Service & Sales Summit 2025

Meet Frank Reply at the Service Summit 2025 in Hamburg at Booth SE09, showcasing how conversational AI, voice, and chatbot solutions can optimize customer...

Read Article

October 17, 2025 09:44 PM

Storm Reply at the ecoCompute Conference 2025

At the ecoCompute Conference 2025 at bUm Berlin, Storm Reply will show how AI can be made more efficient and sustainable in its workshop “How to start with...

Read Article

October 01, 2025 03:52 PM

Breakfast Briefing: Ransomware, Resilience and Reality

Ransomware is evolving. Are your recovery plans keeping up? Join industry leaders for a strategic breakfast on attacks and resilience.

Read Article

September 30, 2025 07:00 AM

Smart Country Convention (SCCON) 2025

The Smart Country Convention 2025 will take place in Berlin from September 30 to October 2. Go Reply, Arlanis Reply, and Frank Reply will...

Read Article

September 16, 2025 07:00 AM

Reply Achieves the AWS Advertising and Marketing Technology Competency Thanks to the Contribution of the Data Reply and Storm Reply Teams

TURIN, Italy, September 16, 2025--Reply [EXM, STAR: REY] has achieved the AWS Advertising and Marketing Technology Competency, the official...

Read Article

June 03, 2025 08:02 AM

Devbot: Audi’s intelligent multi-agent system for smarter and safer cloud use

Developed by Audi and Storm Reply, devbot is an advanced Agentic AI solution that intelligently optimizes Audi's cloud infrastructure – quickly, securely,...

Read Article

April 16, 2025 03:10 AM

AWS Deep Dive Days – Generative AI 2025

Storm Reply and Data Reply will be present at the AWS Deep Dive Days - Generative AI in Munich on April 29, 2025. Visit us on site and discover practical...

Read Article

March 21, 2025 07:00 AM

NASA email storm strikes space agencies worldwide

An insecure email distribution list accidentally spamming space agencies across the planet is undoubtedly one for the record books.

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-53430

SUMMARY

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.ex and program routines 'Elixir.GRPC.Compressor.Gzip':decompress/1, 'Elixir.GRPC.Message':from_data/2. 'Elixir.GRPC.Compressor.Gzip':decompress/1 calls :zlib.gunzip/1 directly on attacker-controlled bytes with no decompressed-size limit, ratio check, or incremental decoding. Because this module is the registered gzip GRPC.Compressor implementation, it is invoked automatically whenever an incoming gRPC frame carries the grpc-encoding: gzip header. :zlib.gunzip/1 allocates the entire decompressed result as a single binary, so a small highly compressible payload (for example a few kilobytes of zeros, which gzip compresses at roughly 1000:1) expands to multiple gigabytes inside a single call. The max_receive_message_length limit is enforced only against the already-decompressed message, so it provides no protection. An unauthenticated remote peer can send a single crafted frame to exhaust the BEAM node's heap and trigger an out-of-memory kill. This issue affects grpc: from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48854

SUMMARY

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':read_full_body/3 (lib/grpc/server/adapters/cowboy/handler.ex) accumulates every received chunk into a single growing binary with no size cap. Additionally, when the client omits the grpc-timeout header, the per-chunk read timeout resolves to :infinity, allowing a slow-trickle client to keep the connection alive indefinitely while memory grows. A single connection is sufficient to exhaust server memory and crash the node. This issue affects grpc from 0.3.1 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48853

SUMMARY

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code execution on the server. 'Elixir.GRPC.Codec.Erlpack':decode/2 (lib/grpc/codec/erlpack.ex) calls :erlang.binary_to_term/1 on the raw gRPC message body without the :safe option, no size bound, and no type guard. Any unauthenticated peer that sends a request with Content-Type: application/grpc+erlpack can send a crafted payload that mints arbitrary new atoms (which are never garbage-collected, exhausting the bounded atom table and crashing the VM) or that encodes a fun term which, if applied anywhere downstream, executes attacker-controlled code inside the server process. This issue affects grpc from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 9.2

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48723

SUMMARY

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile() function constructs a shell command by interpolating the user-controlled cypress_config_filepath value into a template literal, then executes it via child_process.execSync(). Shell metacharacters in the config path (specifically " and ;) allow breaking out of the quoted argument and injecting arbitrary commands. This issue has been fixed in version 1.36.6.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: 7.8)

cvss3

Base Score: 7.8

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score

5.9

Exploitability

1.8

REFERENCES

CVE-2026-48599

SUMMARY

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In 'Elixir.GRPC.Server.Transcode':map_request/5 (lib/grpc/server/transcode.ex), all three clauses use Map.merge/2 with path bindings as the first argument, giving them the lowest merge precedence. A request such as GET /users/me/profile?user_id=victim (or a POST with {"user_id": "victim"} when body: "*") yields a decoded protobuf struct where the path-bound field carries the attacker-supplied value rather than the router-extracted value. Any handler that uses the path-bound field for authorization, multi-tenancy scoping, or ownership checks is silently bypassed. This issue affects grpc from 0.8.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 7.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…