Memory-Exhaustion

🟠 High | Source: Microsoft Security Response Center CVE-2026-48854 is a vulnerability in the elixir-grpc/grpc library where unbounded accumulation of request body data can exhaust server memory, potentially causing a denial of service. Attackers can exploit this by sending large or streaming gRPC requests that the server fails to cap, leading to service unavailability. This affects any cloud-hosted service built on this Elixir gRPC library, including those running on Azure. Security Architect’s Take: Audit any workloads using elixir-grpc and apply the patched version as soon as it is available; in the interim, enforce request size limits at the API gateway or load balancer layer to mitigate unbounded payload attacks. ...

🟡 Medium | Source: Microsoft Security Response Center CVE-2026-44967 is a vulnerability in the opentelemetry-cpp library affecting its OTLP HTTP exporters, which fail to impose any limit on the size of HTTP responses they read. This means a malicious or compromised server could send an oversized response, potentially causing excessive memory consumption or a denial of service in the consuming application. The issue is particularly relevant to Azure environments where OpenTelemetry is used for observability and telemetry collection. ...