← Back to CVEs
CVE-2026-6409
N/ADescription
A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability.
CVE Details
CVSS v3.1 ScoreN/A
Published4/16/2026
Last Modified4/17/2026
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-20
References
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-p2gh-cfq4-4wjc(cve-coordination@google.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.