CVE-2026-48068

ADVISORY - github

Summary

Impact

An invalid incoming HTTP/2 stream initiation can cause a server process to crash. This affects all servers created using @grpc/grpc-js.

Patches

The following version have fixes for this vulnerability:

1.9.16
1.10.12
1.11.4
1.12.7
1.13.5
1.14.4

Workarounds

There is no workaround.

Common Weakness Enumeration (CWE)

ADVISORY - github

CWE-248⁠

Uncaught Exception

Impacted images

Advisories

GitHub

CREATED

7 hours ago

UPDATED

7 hours ago

ADVISORY IDGHSA-5375-pq7m-f5r2⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.5high