Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS
The Hacker NewsArchived Jun 10, 2026✓ Full text saved
Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers (Protobuf), that, if successfully exploited, could result in remote code execution (RCE) and denial-of-service (DoS) attacks. "In affected environments, a single malicious protobuf schema, descriptor, or crafted payload could be enough to trigger
Full text archived locally
✦ AI Summary· Claude Sonnet
Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS
Ravie LakshmananJun 10, 2026Vulnerability / JavaScript
Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers (Protobuf), that, if successfully exploited, could result in remote code execution (RCE) and denial-of-service (DoS) attacks.
"In affected environments, a single malicious protobuf schema, descriptor, or crafted payload could be enough to trigger crashes, runtime corruption, or even code execution," Cyera security researcher Assaf Morag said. The vulnerabilities have been codenamed Proto6.
Protobuf is a free and open-source, language-agnostic mechanism for serializing structured data. It was originally developed and used internally by Google before it was made publicly available in 2008.
The identified vulnerabilities affect Node.js applications that use protobuf.js, Google Cloud client libraries, messaging frameworks like Baileys, and CI/CD pipelines. Per Cyera, any Node.js service that deserializes Protobuf data or generates code from schemas with protobuf.js is likely impacted as well.
A brief description of each of the flaws is below -
CVE-2026-44289 (CVSS score: 7.5): DoS through unbounded protobuf recursion
CVE-2026-44290 (CVSS score: 7.5): Process-wide DoS when loading schemas with unsafe option paths
CVE-2026-44291 (CVSS score: 8.1): Code generation gadget after prototype pollution
CVE-2026-44292 (CVSS score: 5.3): Prototype injection in generated message constructors
CVE-2026-44294 (CVSS score: 5.3): DoS from crafted field names in generated code
CVE-2026-44295 (CVSS score: 8.7): Code injection in pbjs static output from crafted schema names
Cyera said all the vulnerabilities stem from the library's handling of schema and metadata as trusted by default. This validation oversight could influence application behavior and lead to code execution.
"While exploitation of these vulnerabilities generally requires specific conditions, those conditions are increasingly common in data and AI ecosystems that routinely exchange data, schemas, and configuration files across services, repositories, cloud platforms, and third-party integrations," Morag noted.
In a potential attack scenario, a bad actor could introduce a malicious protobuf schema to poison CI/CD workflows, leaking build secrets in the process (CVE-2026-44295), or crash Node.js services such as WhatsApp bots built using Baileys, a WhatsApp Web API automation TypeScript library, by means of a specially crafted message (CVE-2026-44292).
The most severe of the lot is CVE-2026-44291, which results in code execution when a Node.js application accepts attacker-controlled input.
"That input reaches a prototype pollution gadget," security researcher Vladimir Tokarev explained. "Later, the same process uses protobuf.js to encode or decode a message. Because protobuf.js resolves type names through plain property lookups, a polluted Object.prototype can make an attacker-controlled string look like a valid protobuf primitive."
"Protobuf.js then inserts that string into a generated encoder or decoder function and compiles it with Function(). The attacker gets arbitrary JavaScript execution inside the Node.js process."
The following versions of the tool are vulnerable -
protobuf.js: versions <= 7.5.5 and >= 8.0.0 <= 8.0.1
protobufjs-cli: versions <= 1.2.0 and >= 2.0.0 <= 2.0.1
Patches for the flaws are available in protobufjs 7.5.6 and 8.0.2, and protobufjs-cli 1.2.1 and 2.0.2. Users are advised to apply the latest fixes to safeguard against potential threats.
"Because protobuf.js is heavily used inside databases, vector stores, inference pipelines, orchestration systems, CI/CD tooling, and cloud SDKs, successful exploitation could impact sensitive enterprise and AI workloads at scale," Cyera said.
"Modern software increasingly treats schemas, metadata, and configuration files as trusted inputs that drive automation, orchestration, and code generation. When those trust assumptions break, data can become behavior. That shift creates new attack surfaces that security teams must learn to identify and manage."
Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.
SHARE
Tweet
Share
Share
SHARE
CI/CD, cybersecurity, denial of service, Google Cloud, JavaScript, node.js, remote code execution, TypeScript, Vulnerability
⚡ Top Stories This Week
New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration
Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More
Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy and Cloudflare
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing
AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors + 20 New Stories
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories
Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens
Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
Load More ▼
⭐ Featured Resources
See How Agentic AI Cuts Your SOC Triage Time in Half [Get a Demo]
Get the 2026 Guide to Govern and Secure Enterprise AI Agents at Scale
[Guide] Transform Network Operations with Intelligent Workflows
Catch 88% of Malware Threats in Under 60 Seconds with Live Sandbox Analysis