Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-48853

CVE-2026-48853: elixir-grpc RCE Vulnerability

CVE-2026-48853 is a remote code execution vulnerability in elixir-grpc caused by unsafe deserialization that allows attackers to crash the BEAM node or execute arbitrary code. This article covers technical details, impact, and mitigation.

Published:

CVE-2026-48853 Overview

CVE-2026-48853 is a critical deserialization vulnerability in the elixir-grpc/grpc library affecting versions 0.4.0 through 1.0.0. The flaw resides in the Elixir.GRPC.Codec.Erlpack module, which calls :erlang.binary_to_term/1 on raw gRPC message bodies without the :safe option, size bounds, or type guards. Unauthenticated network attackers can send a crafted request with Content-Type: application/grpc+erlpack to crash the BEAM virtual machine through atom table exhaustion. When a decoded term flows into a downstream call site, attackers achieve remote code execution within the server process.

Critical Impact

Unauthenticated attackers can crash the Erlang VM or execute arbitrary code remotely on any service exposing the elixir-grpc Erlpack codec.

Affected Products

  • elixir-grpc grpc library versions 0.4.0 through 0.9.x
  • Any Elixir or Erlang gRPC server using GRPC.Codec.Erlpack
  • BEAM-based services accepting application/grpc+erlpack content type

Discovery Timeline

  • 2026-06-15 - CVE-2026-48853 published to NVD
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2026-48853

Vulnerability Analysis

The vulnerability stems from unsafe deserialization in the Erlpack codec module of elixir-grpc. The Elixir.GRPC.Codec.Erlpack:decode/2 function in lib/grpc/codec/erlpack.ex invokes :erlang.binary_to_term/1 directly on attacker-supplied message bodies. This call omits the :safe option, applies no size limit, and performs no type validation before deserializing the binary input.

The attack surface activates whenever a gRPC server registers the Erlpack codec and accepts requests with Content-Type: application/grpc+erlpack. No authentication is required to reach the vulnerable decode path. The Common Weakness Enumeration classification is [CWE-502] Deserialization of Untrusted Data.

Two distinct outcomes follow from a single decode call. First, atom creation through deserialization consumes slots in the global atom table, which is bounded and never garbage-collected. Second, encoded fun terms can carry executable closures that run when applied downstream.

Root Cause

The root cause is the direct invocation of :erlang.binary_to_term/1 on network-controlled input. The Erlang documentation explicitly warns that binary_to_term/1 is unsafe for untrusted data because it can allocate atoms, large structures, and function terms without restriction. The codec should have used binary_to_term(Binary, [:safe]) and enforced upstream size limits.

Attack Vector

An unauthenticated remote attacker sends a single gRPC request with Content-Type: application/grpc+erlpack containing a crafted External Term Format payload. A payload encoding thousands of unique atoms exhausts the atom table and crashes the BEAM node. A payload encoding a fun term that is later applied by application code yields arbitrary code execution in the server process.

text
# Patch context: benchmark/mix.exs and mix.lock updates accompanying
# commit 272a97a5ea1b46af1819f14a831fcf35fc91f992 ("fix: safer decoding for erlpack codec")

-      {:protobuf, "~> 0.14"}
+      {:protobuf, "~> 0.17"}

# Source: https://github.com/elixir-grpc/grpc/commit/272a97a5ea1b46af1819f14a831fcf35fc91f992

Detection Methods for CVE-2026-48853

Indicators of Compromise

  • Inbound gRPC requests carrying the Content-Type: application/grpc+erlpack header from untrusted clients
  • Sudden growth in the BEAM atom table count reported by :erlang.system_info(:atom_count)
  • VM crash logs referencing system_limit errors tied to atom exhaustion
  • Unexpected process spawns or shell invocations originating from gRPC handler processes

Detection Strategies

  • Inspect gRPC ingress traffic for the application/grpc+erlpack content type and alert when the source is not an allow-listed client.
  • Instrument the BEAM with periodic telemetry on :atom_count and :atom_limit to detect drift caused by hostile term decoding.
  • Add static analysis rules flagging any call to :erlang.binary_to_term/1 without the :safe option in Elixir or Erlang projects.

Monitoring Recommendations

  • Forward BEAM crash dumps and Erlang system metrics to a centralized log store for correlation with gRPC request volumes.
  • Track child process creation from Elixir application processes to identify suspicious command execution.
  • Monitor outbound network connections from gRPC services for indicators of post-exploitation activity.

How to Mitigate CVE-2026-48853

Immediate Actions Required

  • Upgrade elixir-grpc/grpc to version 1.0.0 or later, which applies the safer decoding fix delivered in commit 272a97a5.
  • If upgrading is not immediately possible, remove GRPC.Codec.Erlpack from the list of registered codecs on every gRPC endpoint.
  • Block Content-Type: application/grpc+erlpack at the ingress proxy or load balancer until patched.

Patch Information

The fix is delivered in commit 272a97a5ea1b46af1819f14a831fcf35fc91f992 titled "fix: safer decoding for erlpack codec." The patch updates dependency versions and revises the codec to pass the :safe option and enforce bounded decoding. See the GitHub Security Advisory GHSA-grp7-v8xh-rj7h and the CNA report for full remediation details.

Workarounds

  • Restrict the gRPC service to mutually authenticated TLS clients to remove unauthenticated reach to the decoder.
  • Reject any request whose content type is not on an explicit allow list of Protobuf or JSON codecs.
  • Cap request body sizes at the reverse proxy to limit the scale of atom exhaustion attempts.
bash
# Remove the Erlpack codec from your gRPC endpoint configuration
# config/config.exs
config :grpc, codecs: [GRPC.Codec.Proto, GRPC.Codec.WebText]
# Ensure GRPC.Codec.Erlpack is NOT in the list until the library is upgraded to >= 1.0.0

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.