Sign In

CVE-2026-48069

ADVISORY - github

Summary

Impact

An invalid incoming compressed message can cause a client or server process to crash. This affects all clients and servers that use @grpc/grpc-js

Patches

The following version have fixes for this vulnerability:

  • 1.9.16
  • 1.10.12
  • 1.11.4
  • 1.12.7
  • 1.13.5
  • 1.14.4

Workarounds

There is no workaround.

Common Weakness Enumeration (CWE)

ADVISORY - github

CWE-248

Uncaught Exception

CWE-400

Uncontrolled Resource Consumption

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in