CVE-2026-6409

Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input

CVSS 7.1 HIGHEPSS 0.4%CWE-20

A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Productos afectados

Protocol Buffers · Protobuf-php (Pecl)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-p2gh-cfq4-4wjc