PYSEC-2026-1426

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/grpcio/PYSEC-2026-1426.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1426
Aliases
Published
2026-07-07T11:45:20.840192Z
Modified
2026-07-07T17:47:41.848620701Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
gRPC connection termination issue
Details

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309.

References

Affected packages

PyPI / grpcio

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.53.0
Fixed
1.53.1
Introduced
1.54.0
Fixed
1.54.2

Affected versions

1.*
1.53.0
1.54.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/grpcio/PYSEC-2026-1426.yaml"