CVE-2026-6409

UNKNOWN 0.0

Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability.

CWE	CWE-20
Vendor	protocol buffers
Product	protobuf-php (pecl)
Published	Apr 16, 2026
Last Updated	Apr 16, 2026

Stay Ahead of the Next One

Get instant alerts for protocol buffers protobuf-php (pecl)

Be the first to know when new unknown vulnerabilities affecting protocol buffers protobuf-php (pecl) are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Protocol Buffers / Protobuf-php (Pecl)

0 < 5.34.0-RC1 0 < 4.33.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-p2gh-cfq4-4wjc

Credits

https://github.com/34selen