CVE-2026-6409

Vulnerability Description

A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability.

Related Weaknesses (CWE)

CWE-20

References

https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-p2gh-cfq4-4

FAQ

What is CVE-2026-6409?

CVE-2026-6409 is a documented vulnerability. A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep...

How severe is CVE-2026-6409?

CVSS scoring is not yet available for CVE-2026-6409. Check NVD for updates.

Is there a patch for CVE-2026-6409?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.