A vulnerability was found in protobufjs protobuf.js up to 1.3.1/2.4.1 . It has been classified as critical . Affected by this issue is some unknown functionality of the component protobufjs-cli . This manipulation causes code injection. The identification of this vulnerability is CVE-2026-54271 . It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.