CVE-2026-5758

MEDIUM 6.5

Mafintosh's protocol-buffers-schema is vulnerable to prototype pollution

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

0th

JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0, where an attacker may alter the application logic, bypass security checks, cause a DoS or achieve remote code execution.

Vendor	mafintosh
Product	protocol-buffers-schema parser
Published	Apr 15, 2026
Last Updated	Apr 15, 2026

Stay Ahead of the Next One

Get instant alerts for mafintosh protocol-buffers-schema parser

Be the first to know when new medium vulnerabilities affecting mafintosh protocol-buffers-schema parser are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Mafintosh / Protocol-buffers-schema parser

3.6.0 < 3.6.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/mafintosh/protocol-buffers-schema/pull/70 morielharush.github.io: https://morielharush.github.io/2026/04/12/cve-2026-5758-protocol-buffers-schema-prototype-pollution/