protobufjs CVE-2026-44292
MEDIUMSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
3Blast Radius
ecosystem impact- 1,242 npm packages depend on protobufjs (72 direct, 1,171 indirect)
Ecosystem-wide dependent count for version 8.0.0.
DescriptionGitHub Advisory
Summary
protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the __proto__ key. If an application constructed a message from an attacker-controlled plain object, an own enumerable __proto__ property could alter the prototype of that individual message instance.
Impact
An attacker who can control the properties object passed to a generated protobufjs message constructor or creation helper may be able to modify the prototype chain of the resulting message instance.
This is a per-instance prototype injection issue. It does not pollute Object.prototype or other global prototypes. The impact depends on downstream application behavior, such as relying on inherited properties, prototype methods, or instanceof checks for message objects.
Applications that only decode binary protobuf data, or that construct messages from trusted application-defined objects, are not directly affected by this issue.
Preconditions
- The application must allow an attacker to control or influence a plain object used to construct a protobufjs message.
- The object must contain an own enumerable
__proto__property, for example from parsed JSON input. - The application must pass that object to a generated message constructor or creation helper that copies arbitrary enumerable properties.
Workarounds
Do not pass attacker-controlled plain objects directly to generated message constructors with affected versions. If untrusted JSON input must be accepted, validate or sanitize object keys before constructing messages, and reject __proto__ properties.
AnalysisAI
Prototype injection in protobufjs generated message constructors allows attackers controlling plain objects passed to message constructors to modify the prototype chain of individual message instances via an enumerable __proto__ property. Affects protobufjs versions 7.5.5 and earlier, and 8.0.0-8.0.1. This is a per-instance prototype pollution issue (not global) with impact dependent on downstream application behavior such as inherited property reliance or instanceof checks. No active exploitation confirmed; no public exploit identified at time of analysis.
Technical ContextAI
protobufjs is a JavaScript protocol buffer implementation that generates message constructors for binary protobuf encoding/decoding. The vulnerability exists in the message constructor code generation, which copies enumerable properties from a user-supplied plain object without filtering the special __proto__ key. In JavaScript, __proto__ is a special property that defines an object's prototype chain. When an object literal with an own enumerable __proto__ property (e.g., from parsed JSON input via JSON.parse()) is passed to a generated message constructor, the constructor blindly copies this property, causing the resulting message instance to inherit from the attacker-controlled prototype instead of the intended message prototype. This is distinct from global prototype pollution because it affects only the individual message instance, not Object.prototype or shared prototypes. The root cause is classified as CWE-1321 (Improperly Controlled Modification of Object-Prototype Attributes in JavaScript).
RemediationAI
Upgrade to patched versions: protobufjs 7.5.6 or later for the 7.x branch, or 8.0.2 or later for the 8.x branch. Release notes available at https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.6. Interim workaround if immediate upgrade is not feasible: sanitize or validate object keys before passing plain objects to generated message constructors, explicitly rejecting any object with an own __proto__ property using hasOwnProperty('__proto__') checks or by reconstructing the object to exclude prototype-altering keys. Alternatively, use Object.create(null) or other mechanisms to ensure input objects cannot define __proto__ as an own enumerable property. Note that sanitization adds processing overhead and maintainability burden, so patching is strongly preferred.
More in Prototype Pollution
View allPrototype pollution in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier enables arbitrary code execu
Prototype pollution in the farinspace Partners WordPress plugin (versions up to and including 0.2.0) enables remote unau
Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service
A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code vi
A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function
All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper s
This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitr
Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Ser
alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/inde
A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConf
A Prototype Pollution vulnerability in the util-deps.addFileDepend function of magix-combine-ex versions thru 1.2.10 all
Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function. Rated critical severity (CVSS 9.8), this
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-fx83-v9x8-x52w