Uncaught Exception Affecting kibana-8.18-advanced package, versions *


Severity

Recommended
low

Based on default assessment until relevant scores are available.

Threat Intelligence

Social Trends
EPSS
0.63% (46th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-MINIMOSLATEST-KIBANA818ADVANCED-17329038
  • published13 Jun 2026
  • disclosed14 Jul 2026

Introduced: 13 Jun 2026

CVE-2026-48069  (opens in a new tab)
CWE-248  (opens in a new tab)

How to fix?

There is no fixed version for Minimos:latest kibana-8.18-advanced.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kibana-8.18-advanced package and not the kibana-8.18-advanced package as distributed by Minimos. See How to fix? for Minimos:latest relevant fixed versions and status.

@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming compressed message can cause a client or server process that uses @grpc/grpc-js to crash. This issue is fixed in versions 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4.