protobuf.js CVE-2026-44291
HIGHSeverity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Blast Radius
ecosystem impact- 1,242 npm packages depend on protobufjs (72 direct, 1,171 indirect)
Ecosystem-wide dependent count for version 8.0.0.
DescriptionGitHub Advisory
Summary
protobufjs used plain objects with inherited prototypes for internal type lookup tables used by generated encode and decode functions. If Object.prototype had already been polluted, those lookup tables could resolve attacker-controlled inherited properties as valid protobuf type information.
This could cause attacker-controlled strings to be emitted into generated JavaScript code.
Impact
An attacker who can first trigger a prototype pollution vulnerability may be able to influence generated protobufjs encode or decode functions in a way that can lead to arbitrary JavaScript execution.
This issue requires a separate prototype pollution primitive before protobufjs is invoked.
Applications without a reachable prototype pollution primitive are not directly exploitable through this issue alone.
Preconditions
- The application or one of its dependencies must allow an attacker to pollute
Object.prototype. - The polluted property must affect protobufjs internal type lookup behavior.
- The application must use protobufjs functionality that generates encode or decode code for affected types.
- The generated code path must be reached after the prototype pollution has occurred.
Workarounds
Avoid running affected versions in applications where attacker-controlled input can pollute Object.prototype. If immediate upgrade is not possible, remove or mitigate reachable prototype pollution primitives and isolate schema/message processing from untrusted application state.
AnalysisAI
Prototype pollution in protobuf.js type lookup tables enables remote code execution via code injection into generated encode/decode functions. Affects npm package protobuf.js versions ≤7.5.5 and 8.0.0-8.0.1. Exploitation requires chaining with a separate prototype pollution vulnerability-applications must first allow Object.prototype pollution, then invoke protobufjs code generation on attacker-influenced schemas. Vendor-released patches available (v7.5.6, v8.0.2). CVSS 8.1 (High) reflects network vector but high attack complexity (AC:H) due to multi-step prerequisite. No evidence of active exploitation (not in CISA KEV), public exploit code not identified at time of analysis.
Technical ContextAI
protobuf.js is a popular Protocol Buffers implementation for JavaScript/TypeScript (npm package protobufjs, used in Node.js and browser environments). The library dynamically generates encode/decode functions from protobuf schemas using plain JavaScript objects for internal type lookup tables. CWE-94 (Code Injection) occurs because these lookup objects inherit from Object.prototype without defensive property checks. When Object.prototype has been polluted with attacker-controlled properties (e.g., via JSON.parse vulnerabilities, recursive merge functions, or other prototype pollution primitives), the type lookup can resolve malicious inherited properties as legitimate type metadata. This polluted metadata then flows into code generation logic, causing attacker-controlled strings to be emitted directly into dynamically generated JavaScript functions-effectively achieving arbitrary code execution when those generated functions are invoked. The vulnerability exists in the code generation pipeline itself, not in schema parsing, making it a second-order exploitation gadget dependent on prior prototype pollution.
RemediationAI
Upgrade to patched versions immediately: protobufjs v7.5.6 for the 7.x branch or v8.0.2 for the 8.x branch. Both patches implement input hardening in type lookup tables to prevent inherited property resolution from polluted prototypes (per GitHub release notes commit 75392ea). If immediate upgrade is infeasible, implement defense-in-depth compensating controls: First, eliminate or mitigate all reachable prototype pollution primitives in the application (audit JSON parsing, object merging, deep clone operations). Second, freeze Object.prototype using Object.freeze(Object.prototype) at application startup-this prevents new property additions but may break legitimate code expecting prototype extensibility; test thoroughly in non-production first. Third, isolate protobufjs schema processing from untrusted application state by running code generation in a separate sandboxed context or during build time only (not at runtime with user input). Fourth, apply strict Content Security Policy headers to limit damage if code injection occurs. Note these workarounds significantly reduce functionality and have compatibility risks-vendor patch is the definitive solution. Advisory: https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-75px-5xx7-5xc7.
Same weakness CWE-94 – Code Injection
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-75px-5xx7-5xc7