Proto6 bugs in protobuf.js allow RCE and DoS — update now

Six ‘Proto6’ vulnerabilities in protobuf.js can enable remote code execution and denial-of-service in Node.js; patches available in protobufjs 7.5.6/8.0.2 and protobufjs-cli 1.2.1/2.0.2.

Security researchers at Cyera disclosed six vulnerabilities in protobuf.js, collectively named Proto6, that can enable remote code execution and denial-of-service in Node.js applications. Patches are available in protobufjs 7.5.6 and 8.0.2 and in protobufjs-cli 1.2.1 and 2.0.2.

Cyera researchers found that a single malicious protobuf schema, descriptor, or crafted payload can crash processes, corrupt runtime state, or allow code execution. The flaws affect Node.js services that deserialize Protobuf data or generate code from schemas with protobuf.js, including Google Cloud client libraries, messaging frameworks such as Baileys, and CI/CD pipelines.

The researchers traced the root cause to protobuf.js treating schema and descriptor metadata, such as type names, field names, and option paths, as trusted by default. When code generation or message handling assumes those inputs are safe, attacker-controlled data can change program behavior.

Cyera assigned six CVEs to the issues. CVE-2026-44289 (CVSS 7.5) causes denial-of-service via unbounded protobuf recursion. CVE-2026-44290 (CVSS 7.5) can trigger a process-wide denial-of-service when loading schemas with unsafe option paths. CVE-2026-44291 (CVSS 8.1) is a code generation gadget that enables remote code execution after prototype pollution. CVE-2026-44292 (CVSS 5.3) allows prototype injection in generated message constructors. CVE-2026-44294 (CVSS 5.3) produces denial-of-service from crafted field names in generated code. CVE-2026-44295 (CVSS 8.7) allows code injection in pbjs static output from crafted schema names.

One attack path described by the researchers chains prototype pollution with runtime code generation. Attacker-controlled input first reaches a prototype pollution vector somewhere in the application. Later, when protobuf.js resolves type names via plain property lookups, the lookup falls through to the polluted Object.prototype, so an attacker-controlled string appears as a valid protobuf primitive. That string is inserted into a generated encoder or decoder and compiled with Function(), leading to arbitrary JavaScript execution inside the Node.js process.
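The following is an added example written for this article, not protobuf.js source and not Cyera's proof of concept. It models the gadget class described above (and the trusted-metadata root cause) in a few dozen lines: a constructed WIRE_READERS table, a vulnerable builder that resolves type names with a plain property lookup and compiles the result with Function(), and a hardened builder that uses a null-prototype table with an own-property check plus an identifier allowlist for schema-derived names. The `evil` property, the fake reader, and the builder names are all assumptions made for illustration.

```javascript
// Added example: a minimal model of the "prototype pollution -> code generation"
// gadget class described above. NOT protobuf.js source: the WIRE_READERS table,
// the two builders and the polluted property name are constructed for illustration.

// Table mapping protobuf scalar type names to the reader expression a generated
// decoder would use for that type (constructed stand-in for the real table).
const WIRE_READERS = {
  int32: "r.int32()",
  string: "r.string()",
  bool: "r.bool()",
};

// Vulnerable pattern: a plain property lookup on an ordinary object. The lookup
// walks the prototype chain, so once Object.prototype is polluted an unknown type
// name resolves to attacker text, which is spliced into source and compiled.
function buildDecoderUnsafe(fieldName, typeName) {
  const expr = WIRE_READERS[typeName];           // inherited properties count here
  if (expr === undefined) throw new Error("unknown type " + typeName);
  const src = "return { " + fieldName + ": " + expr + " };";
  return new Function("r", src);                 // attacker text becomes code
}

// Hardened pattern: a null-prototype table consulted with an own-property check,
// plus an identifier allowlist for any schema-derived name spliced into source
// (the same check blocks crafted field or schema names from injecting code).
const SAFE_READERS = Object.assign(Object.create(null), WIRE_READERS);
const IDENT = /^[A-Za-z_][A-Za-z0-9_]*$/;

function buildDecoderSafe(fieldName, typeName) {
  if (!IDENT.test(fieldName)) {
    throw new Error("invalid field name " + JSON.stringify(fieldName));
  }
  if (!Object.prototype.hasOwnProperty.call(SAFE_READERS, typeName)) {
    throw new Error("unknown type " + typeName);
  }
  const src = "return { " + fieldName + ": " + SAFE_READERS[typeName] + " };";
  return new Function("r", src);
}

// Fake wire reader standing in for the real one.
const reader = { int32: () => 42, string: () => "hi", bool: () => true };

// Stand-in for a pollution primitive reached elsewhere in the application
// (for example an unsafe deep merge of attacker JSON). The attacker plants a
// "reader expression" under a type name the schema table does not know.
function pollute() {
  Object.prototype.evil = "(globalThis.pwned = 'code ran')";
}
function cleanup() {
  delete Object.prototype.evil;
  delete globalThis.pwned;
}

// Runs the vulnerable and hardened builders against the same polluted state
// and reports what happened.
function demo() {
  pollute();
  const results = {};
  try {
    // Vulnerable builder: the inherited entry is compiled and executed.
    buildDecoderUnsafe("x", "evil")(reader);
    results.unsafeRan = globalThis.pwned === "code ran";

    // Hardened builder: the same input is rejected before reaching Function().
    try {
      buildDecoderSafe("x", "evil");
      results.safeRejected = false;
    } catch (e) {
      results.safeRejected = true;
    }

    // A crafted field name is rejected too, and a legitimate schema still works.
    try {
      buildDecoderSafe("x: 1 }; process.exit(); //", "int32");
      results.injectedNameRejected = false;
    } catch (e) {
      results.injectedNameRejected = true;
    }
    results.legit = buildDecoderSafe("n", "int32")(reader).n;
  } finally {
    cleanup();
  }
  return results;
}

console.log(demo());
```

The point of the hardened builder is that neither check depends on the pollution never happening: the own-property test ignores anything inherited from Object.prototype, and the identifier allowlist rejects any schema-derived name that is not a bare JavaScript identifier before it can reach Function().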

Cyera highlighted exploitation scenarios such as introducing a malicious schema into a CI/CD workflow to leak build secrets (CVE-2026-44295) and sending crafted messages to crash or hijack services like WhatsApp bots built with Baileys (CVE-2026-44292). The researchers noted protobuf.js is widely embedded in databases, vector stores, inference pipelines, orchestration systems, CI/CD tooling, and cloud SDKs.

Affected releases are protobufjs versions up to and including 7.5.5 and 8.0.0 through 8.0.1, and protobufjs-cli versions up to and including 1.2.0 and 2.0.0 through 2.0.1. Fixes are in protobufjs 7.5.6 and 8.0.2 and protobufjs-cli 1.2.1 and 2.0.2. Cyera advised updating to the patched releases and treating schemas and other metadata from external sources as untrusted input. Because the library is embedded in cloud SDKs and tooling, nested copies pulled in by other dependencies need updating as well, not only a direct dependency.
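As an added example of checking a project against those ranges (not a Cyera or protobuf.js tool), the script below walks the "packages" map of a package-lock.json, including nested copies under other dependencies, and reports every protobufjs or protobufjs-cli entry that falls inside an affected range together with the first fixed release. The AFFECTED table encodes only the ranges stated in this article, and SAMPLE_LOCK is a constructed lockfile excerpt.

```javascript
// Added example: audit an npm lockfile against the affected ranges stated above.
// Not a Cyera or protobuf.js tool; SAMPLE_LOCK is constructed and AFFECTED encodes
// only the ranges this article gives (protobufjs <= 7.5.5 and 8.0.0..8.0.1,
// protobufjs-cli <= 1.2.0 and 2.0.0..2.0.1).
const AFFECTED = {
  "protobufjs": [
    { max: "7.5.5", fixed: "7.5.6" },               // every release up to 7.5.5
    { min: "8.0.0", max: "8.0.1", fixed: "8.0.2" }, // 8.0.0 through 8.0.1
  ],
  "protobufjs-cli": [
    { max: "1.2.0", fixed: "1.2.1" },
    { min: "2.0.0", max: "2.0.1", fixed: "2.0.2" },
  ],
};

// Parses "major.minor.patch"; a prerelease suffix such as "-rc.1" is ignored,
// so a prerelease of a fixed version is treated as fixed (simplification).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error("unparseable version: " + v);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Three-way compare of two version strings.
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// Returns the first fixed release for an affected name/version, else null.
function fixedVersionFor(name, version) {
  const ranges = Object.prototype.hasOwnProperty.call(AFFECTED, name) ? AFFECTED[name] : [];
  for (const r of ranges) {
    const aboveMin = r.min === undefined || compareVersions(version, r.min) >= 0;
    if (aboveMin && compareVersions(version, r.max) <= 0) return r.fixed;
  }
  return null;
}

// Walks the "packages" map of a lockfileVersion 2 or 3 package-lock.json.
// Nested paths (node_modules/a/node_modules/protobufjs) are copies pulled in by
// other dependencies such as SDKs and are checked the same way.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // the root project itself
    const marker = "node_modules/";
    const name = entry.name || path.slice(path.lastIndexOf(marker) + marker.length);
    if (!entry.version) continue;
    const fixed = fixedVersionFor(name, entry.version);
    if (fixed !== null) findings.push({ path, name, version: entry.version, fixed });
  }
  return findings;
}

// Constructed lockfile excerpt: one vulnerable direct copy, one patched nested
// copy under a hypothetical SDK, one vulnerable CLI, and an unrelated package.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-service", version: "1.0.0" },
    "node_modules/protobufjs": { version: "7.5.5" },
    "node_modules/some-cloud-sdk/node_modules/protobufjs": { version: "8.0.2" },
    "node_modules/protobufjs-cli": { version: "2.0.1" },
    "node_modules/long": { version: "5.2.3" },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.path}: ${f.name}@${f.version} is affected, upgrade to ${f.fixed}`);
}
```

To run it against a real project, replace SAMPLE_LOCK with the parsed contents of the project's package-lock.json (for example `JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))`); the nested-path handling is what catches a vulnerable copy that an SDK vendors even when the direct dependency is already patched.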
