PT-2026-40697 · Npm · Protobufjs
Published: 2026-05-13 · Updated: 2026-05-19 · CVE-2026-45740
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
protobufjs versions prior to 7.5.8
protobufjs versions prior to 8.2.0
Description
protobufjs compiles protobuf definitions into JavaScript functions. The software can recurse without a depth limit when expanding nested JSON descriptors through the Root.fromJSON() and Namespace.addJSON() functions. A crafted JSON descriptor containing deeply nested namespace definitions can exhaust the JavaScript call stack during descriptor loading, leading to a denial of service.
Recommendations
Update to version 7.5.8.
Update to version 8.2.0.
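Where descriptors come from an untrusted source, a depth check can run before they reach Root.fromJSON() or Namespace.addJSON(), in addition to upgrading. The sketch below is an added example, not protobufjs code; the function names and the MAX_DEPTH value are assumptions, and it relies on protobufjs JSON descriptors holding child namespaces and types under the `nested` key.

```javascript
// Added example, not protobufjs code. MAX_DEPTH is an assumed limit; set it
// to the deepest package/type nesting your own schemas legitimately use.
const MAX_DEPTH = 64;

// Measures how deeply "nested" objects are stacked in a JSON descriptor.
// Uses an explicit stack, so the check itself cannot exhaust the call stack.
// Returns early (with a value above the limit) once the limit is exceeded.
function nestedDepth(descriptor, limit = MAX_DEPTH) {
  let deepest = 0;
  const stack = [[descriptor, 0]];
  while (stack.length > 0) {
    const [node, depth] = stack.pop();
    if (depth > deepest) deepest = depth;
    if (deepest > limit) return deepest;
    const nested =
      node !== null && typeof node === "object" ? node.nested : undefined;
    if (nested === null || typeof nested !== "object") continue;
    for (const name of Object.keys(nested)) {
      stack.push([nested[name], depth + 1]);
    }
  }
  return deepest;
}

// Call on untrusted input before passing it to Root.fromJSON() / addJSON().
// Returns the descriptor unchanged when it is within the limit.
function assertDescriptorDepth(descriptor, limit = MAX_DEPTH) {
  const depth = nestedDepth(descriptor, limit);
  if (depth > limit) {
    throw new RangeError(`descriptor nesting exceeds limit of ${limit}`);
  }
  return descriptor;
}

// Constructed sample input: a chain of `levels` namespaces, built iteratively.
function buildNestedDescriptor(levels) {
  let node = { fields: {} };
  for (let i = 0; i < levels; i++) {
    node = { nested: { ["n" + i]: node } };
  }
  return node;
}
```
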
Fix
DoS
Uncontrolled Recursion
Affected Products
Protobufjs