CVE-2026-48854: elixir-grpc Memory Exhaustion DoS
🟠 High | Source: Microsoft Security Response Center CVE-2026-48854 is a vulnerability in the elixir-grpc/grpc library where unbounded accumulation of request body data can exhaust server memory, potentially causing a denial of service. Attackers can exploit this by sending large or streaming gRPC requests that the server fails to cap, leading to service unavailability. This affects any cloud-hosted service built on this Elixir gRPC library, including those running on Azure. Security Architect’s Take: Audit any workloads using elixir-grpc and apply the patched version as soon as it is available; in the interim, enforce request size limits at the API gateway or load balancer layer to mitigate unbounded payload attacks. ...