PT-2026-33338 · Google · Protobuf-Php

Published 2025-12-30 · Updated 2026-04-17 · CVE-2026-6409

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Protobuf PHP versions prior to 5.34.0-RC1
Protobuf PHP versions prior to 4.33.6

Description

A Denial of Service (DoS) issue exists during the parsing of untrusted input. Maliciously structured messages, specifically those containing negative varints or deep recursion, can cause the application to crash, which impacts service availability.

Recommendations

Update to version 5.34.0-RC1.
Update to version 4.33.6.

Fix

DoS

Resource Exhaustion

RCE

Weakness Enumeration

Related Identifiers

BDU:2026-05664
CVE-2026-6409
ECHO-2757-275F-4ACB
GHSA-P2GH-CFQ4-4WJC
GHSA-QJFJ-3MM5-VRJG

Affected Products

Protobuf-Php