protobufjs CVE-2026-44290
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3Blast Radius
ecosystem impact- 1,242 npm packages depend on protobufjs (72 direct, 1,171 indirect)
Ecosystem-wide dependent count for version 8.0.0.
DescriptionGitHub Advisory
Summary
protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write to properties on global JavaScript constructors, corrupting process-wide built-in functionality.
Impact
An attacker who can provide or influence protobuf schemas or JSON descriptors may be able to corrupt built-in process state in a way that causes subsequent application code or protobufjs code to fail. This can result in a persistent denial of service for the lifetime of the affected process.
This issue affects applications that parse or load protobuf schemas or descriptors from untrusted sources. Applications that use bundled, generated, or otherwise trusted schemas to decode untrusted protobuf message payloads are not directly affected.
The issue is not known to allow code execution by itself.
Preconditions
- The application must allow an attacker to control or influence a protobuf schema or JSON descriptor.
- The application must parse or load that schema through protobufjs reflection APIs such as
parse,Root.load,Root.loadSync, orRoot.fromJSON. - The crafted input must contain option paths that reach unsafe inherited properties during option processing.
Workarounds
Do not parse or load protobuf schemas or JSON descriptors from untrusted sources with affected versions. If untrusted schemas must be accepted, validate or reject option names containing unsafe property path components before loading them, and run schema processing in an isolated process.
AnalysisAI
Prototype pollution in protobufjs allows denial of service through corrupted JavaScript built-ins when parsing untrusted schemas. Attackers who control protobuf schemas or JSON descriptors can write to inherited object properties on global constructors, causing process-wide state corruption that persists until restart. CVSS 7.5 (High) with network vector and no authentication required, but real-world risk is limited to applications parsing schemas from untrusted sources-applications only decoding untrusted message payloads with trusted schemas are not affected. Vendor-released patches available: v7.5.6 and v8.0.2. No active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis.
Technical ContextAI
This vulnerability affects protobufjs (pkg:npm/protobufjs), a JavaScript implementation of Protocol Buffers for serialization. The issue stems from CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes, commonly called prototype pollution). During schema option processing via reflection APIs (parse, Root.load, Root.loadSync, Root.fromJSON), protobufjs failed to sanitize option paths, allowing traversal through JavaScript's prototype chain. Crafted schema option paths could reach inherited properties like __proto__ or constructor.prototype, enabling writes to global constructors (Object, Array, etc.). This corrupts process-wide built-in functionality rather than application-specific state. The vulnerability exists in protobufjs <=7.5.5 and versions 8.0.0-8.0.1, affecting Node.js and browser environments using the library for dynamic schema parsing.
RemediationAI
Upgrade to patched versions immediately: v7.5.6 for 7.x users or v8.0.2 for 8.x users per vendor releases at https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.6 and https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.2. The v7.5.6 release backports input hardening and CLI fixes (commit 75392ea). If immediate patching is not feasible, implement compensating controls: (1) Reject all protobuf schemas and JSON descriptors from untrusted sources-only load schemas from version-controlled, reviewed sources bundled with the application; (2) If untrusted schema input is unavoidable, validate option paths before parsing by rejecting schemas containing unsafe property names like __proto__, constructor, or prototype in option paths; (3) Isolate schema processing in a separate Node.js worker process with restricted permissions and restart it after each schema load to contain corruption; this adds significant performance overhead and complexity. Applications that only decode untrusted protobuf messages using pre-compiled or bundled schemas do not require emergency action, but should still upgrade during normal maintenance cycles to eliminate the attack vector entirely.
More in Prototype Pollution
View allPrototype pollution in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier enables arbitrary code execu
Prototype pollution in the farinspace Partners WordPress plugin (versions up to and including 0.2.0) enables remote unau
Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service
A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code vi
A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function
All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper s
This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitr
Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Ser
alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/inde
A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConf
A Prototype Pollution vulnerability in the util-deps.addFileDepend function of magix-combine-ex versions thru 1.2.10 all
Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function. Rated critical severity (CVSS 9.8), this
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-jvwf-75h9-cwgg