Grpc
Two Critical NGINX Flaws Put HTTP/3 and gRPC Proxying One Bug Away From Unauthenticated RCE
F5 patched CVE-2026-42530 and CVE-2026-42055, two CVSS 9.2 unauthenticated memory-corruption bugs in NGINX's HTTP/3 and HTTP/2 paths. Both reach RCE where ASLR can be bypassed, and both touch NGINX Ingress Controller and Gateway Fabric.
Proto6: Six protobuf.js Flaws Turn Trusted Schemas Into RCE and DoS Across gRPC, Cloud, and AI Stacks
Cyera's Proto6 research discloses six CVEs in protobuf.js, including a prototype-pollution-to-RCE chain, in a library pulled 50M+ times a week across gRPC, Google Cloud SDKs, vector databases, and CI/CD.
CVE-2026-33186: gRPC-Go Auth Bypass Lets Attackers Skip Deny Rules With a Missing Slash
A critical CVSS 9.1 flaw in gRPC-Go lets unauthenticated attackers bypass path-based authorization by omitting the leading slash from HTTP/2 :path headers.