Sign In

CVE-2026-48069

ADVISORY - github

Summary

Impact

An invalid incoming compressed message can cause a client or server process to crash. This affects all clients and servers that use @grpc/grpc-js

Patches

The following version have fixes for this vulnerability:

  • 1.9.16
  • 1.10.12
  • 1.11.4
  • 1.12.7
  • 1.13.5
  • 1.14.4

Workarounds

There is no workaround.

Common Weakness Enumeration (CWE)

ADVISORY - github

CWE-248

Uncaught Exception

CWE-400

Uncontrolled Resource Consumption

Impacted images

Advisories

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-99f4-grh7-6pcq
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-248CWE-400

CVSS SCORE

7.5high