Improper Handling of Highly Compressed Data in elixir-grpc by Elixir
CVE-2026-53430

8.7 HIGH

Key Information:

Status
Vendor
CVE Published: 15 June 2026

What is CVE-2026-53430?

An issue exists in the Elixir gRPC implementation (elixir-grpc) due to improper handling of highly compressed data, which allows an attacker to abuse gzip decompression. When an unauthenticated remote peer sends a specially crafted frame carrying a gzip header, the implementation invokes the gzip decompressor without appropriate checks on the decompressed size. The result is a denial of service: a small incoming payload can expand to consume vast amounts of memory, exhausting the system's resources and ending in an out-of-memory kill. The weakness is tied to specific program files and routines that lack the safety mechanisms needed to mitigate such risks.
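The pattern the advisory describes, as an added illustration in Python that is not elixir-grpc's code nor its fix: an unbounded gzip inflate beside a streaming inflate with an output ceiling, both run over a constructed frame that is a few KiB compressed but inflates to 4 MiB. The names `decompress_unbounded`, `decompress_bounded`, `frame_verdict` and the two constants are hypothetical, and the 4 MiB zero-filled test input is constructed here.

```python
import gzip
import zlib

# Constructed test input (not from the advisory): a few KiB of gzip data that
# inflates to 4 MiB of zeros, standing in for the "small incoming payload".
INFLATED_SIZE = 4 * 1024 * 1024
SMALL_FRAME = gzip.compress(b"\x00" * INFLATED_SIZE, compresslevel=9)


class DecompressionLimitExceeded(ValueError):
    """Raised when the inflated size would pass the configured ceiling."""


def decompress_unbounded(payload: bytes) -> bytes:
    """The risky pattern: inflate whatever the peer sent; peak memory is set by the sender."""
    return gzip.decompress(payload)


def decompress_bounded(payload: bytes, max_output: int, chunk: int = 64 * 1024) -> bytes:
    """Inflate incrementally and abort as soon as the output passes max_output.

    Peak memory is max_output plus one chunk regardless of the ratio, and the
    input beyond the point of rejection is never inflated at all.
    """
    d = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)  # gzip framing only
    out = bytearray()
    pending = payload
    while not d.eof:
        piece = d.decompress(pending, max_length=chunk)
        out += piece
        if len(out) > max_output:
            raise DecompressionLimitExceeded(
                f"inflated size exceeds the {max_output}-byte ceiling")
        if not piece and not d.unconsumed_tail:
            # No output and no input left before end-of-stream: truncated frame.
            raise ValueError("truncated gzip stream")
        pending = d.unconsumed_tail
    return bytes(out)


def frame_verdict(payload: bytes, max_output: int) -> str:
    """Return 'ok', 'rejected' (would exceed the ceiling) or 'malformed'."""
    try:
        decompress_bounded(payload, max_output)
    except DecompressionLimitExceeded:
        return "rejected"
    except (ValueError, zlib.error):
        return "malformed"
    return "ok"
```

With a 1 MiB ceiling the bounded version rejects the constructed frame after inflating only the first megabyte, while the unbounded version allocates the full 4 MiB; in a server the ceiling would be derived from the configured maximum message size.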

Affected Version(s)

grpc 0.4.0 < 1.0.0

grpc beae6800fc8baf126f3fe7107d86a50e105275ba < 1afbab9d57d2a3e16ca9c62ffa4923338ea96cfc

References

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability reserved

Credit

Peter Ullrich
Paulo Valente