CVE-2026-48854 is a vulnerability in the elixir-grpc/grpc library where unbounded accumulation of request body data can exhaust server memory, potentially causing a denial of service. Attackers can exploit this by sending large or streaming gRPC requests that the server fails to cap, leading to service unavailability. This affects any cloud-hosted service built on this Elixir gRPC library, including those running on Azure.

Security Architect’s Take: Audit any workloads using elixir-grpc and apply the patched version as soon as it is available; in the interim, enforce request size limits at the API gateway or load balancer layer to mitigate unbounded payload attacks.

Original advisory: CVE-2026-48854 Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc