Improper Check for Unusual or Exceptional Conditions in @grackle-ai/server

Q: How to fix?

Upgrade @grackle-ai/server to version 0.70.6 or higher.

Introduced: 25 Mar 2026

How to fix?

Upgrade @grackle-ai/server to version 0.70.6 or higher.

Overview

@grackle-ai/server is a Grackle server orchestrator — spawns and wires core (gRPC), web-server (HTTP), MCP, and PowerLine

Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the JSON.parse process within the gRPC service adapter configuration handling. An attacker can cause the gRPC handler to crash by introducing malformed JSON into the database, which leads to an unhandled exception when the configuration is parsed. This is only exploitable if the database contains invalid or corrupted JSON data.

Workaround

This vulnerability can be mitigated by ensuring database integrity and regularly backing up the SQLite database.

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
High
Attack Requirements (AT)
Present
Privileges Required (PR)
High
User Interaction (UI)
None

Confidentiality (VC)
None
Integrity (VI)
None
Availability (VA)
Low

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None

Improper Check for Unusual or Exceptional Conditions Affecting @grackle-ai/server package, versions <0.70.6

Severity

Do your applications use this vulnerable package?