Proto6: Six protobuf.js flaws expose Node.js apps to RCE and DoS


Six vulnerabilities in protobuf.js—the JavaScript/TypeScript implementation of Protocol Buffers (Protobuf)—can lead to remote code execution (RCE) and denial of service (DoS) in Node.js environments. Cyera’s research team collectively codenamed the issues Proto6.

If you work with services that serialize or deserialize Protobuf, this matters. Protobuf is a widely used, open-source way to encode structured data. It started inside Google and has been public since 2008.

What’s affected

According to Cyera, the impact reaches:

  • Node.js applications using protobuf.js
  • Google Cloud client libraries
  • Messaging frameworks like Baileys
  • CI/CD pipelines

In short, any Node.js service that deserializes Protobuf data or generates code from schemas with protobuf.js is likely affected.

“In affected environments, a single malicious protobuf schema, descriptor, or crafted payload could be enough to trigger crashes, runtime corruption, or even code execution,” Cyera security researcher Assaf Morag said.

Cyera attributes the root cause to the library treating schemas and metadata as trusted by default, allowing unvalidated inputs to steer application behavior.

The six CVEs

  • CVE-2026-44289 (CVSS 7.5): DoS through unbounded protobuf recursion
  • CVE-2026-44290 (CVSS 7.5): Process-wide DoS when loading schemas with unsafe option paths
  • CVE-2026-44291 (CVSS 8.1): Code generation gadget after prototype pollution
  • CVE-2026-44292 (CVSS 5.3): Prototype injection in generated message constructors
  • CVE-2026-44294 (CVSS 5.3): DoS from crafted field names in generated code
  • CVE-2026-44295 (CVSS 8.7): Code injection in pbjs static output from crafted schema names

While exploitation typically needs certain conditions, Cyera notes those conditions are common in data and AI ecosystems where schemas and configuration files move across services, repos, cloud platforms, and third-party integrations.

How attacks could play out

  • Introduce a malicious protobuf schema into CI/CD to poison workflows and leak build secrets (CVE-2026-44295).
  • Crash Node.js services—such as WhatsApp bots using Baileys—via a specially crafted message (CVE-2026-44292).

The most severe path to code execution is CVE-2026-44291, triggered when a Node.js app accepts attacker-controlled input and later uses protobuf.js to encode or decode messages.

“That input reaches a prototype pollution gadget,” security researcher Vladimir Tokarev explained. “Later, the same process uses protobuf.js to encode or decode a message. Because protobuf.js resolves type names through plain property lookups, a polluted Object.prototype can make an attacker-controlled string look like a valid protobuf primitive.”

“Protobuf.js then inserts that string into a generated encoder or decoder function and compiles it with Function(). The attacker gets arbitrary JavaScript execution inside the Node.js process.”
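The lookup hazard Tokarev describes, reduced to a stand-alone illustration (added here, not protobuf.js code; the type table, function names and polluted value are assumptions): a plain-object type table consulted with an ordinary property lookup answers for a key that prototype pollution planted, while a null-prototype table checked with an own-property test does not.

```javascript
// Added illustration, not protobuf.js code: a plain-object type table consulted
// with an ordinary property lookup answers for any key that prototype pollution
// has planted on Object.prototype; a null-prototype table with an own-property
// check does not. Table contents and function names are assumptions.

// Hypothetical table of scalar type names (plain object, prototype chain intact).
const PRIMITIVES = { int32: "int32", uint64: "uint64", string: "string", bool: "bool" };

// Unsafe pattern: PRIMITIVES[name] walks the prototype chain, so a polluted
// Object.prototype can make an unknown name look like a known primitive.
function resolveTypeUnsafe(name) {
  const value = PRIMITIVES[name];
  return value !== undefined ? value : null;
}

// Hardened pattern: copy the table onto a null prototype, accept only own keys,
// and require the resolved value to be a bare identifier before it is used.
const SAFE_PRIMITIVES = Object.assign(Object.create(null), PRIMITIVES);
const IDENT = /^[A-Za-z_][A-Za-z0-9_]*$/;
function resolveTypeSafe(name) {
  if (typeof name !== "string") return null;
  if (!Object.prototype.hasOwnProperty.call(SAFE_PRIMITIVES, name)) return null;
  const value = SAFE_PRIMITIVES[name];
  return typeof value === "string" && IDENT.test(value) ? value : null;
}

// Stand-in for a pollution gadget having fired earlier in the process; the key
// and value are constructed for this example. Returns a cleanup function.
function simulatePollution(key, value) {
  Object.defineProperty(Object.prototype, key, { value, configurable: true, writable: true });
  return () => { delete Object.prototype[key]; };
}

// Resolve the same unknown name before and after pollution with both resolvers.
function demonstrate() {
  const name = "notatype";
  const before = { unsafe: resolveTypeUnsafe(name), safe: resolveTypeSafe(name) };
  const cleanup = simulatePollution(name, "<attacker-chosen text>");
  const after = { unsafe: resolveTypeUnsafe(name), safe: resolveTypeSafe(name) };
  cleanup();
  return { before, after };
}

console.log(JSON.stringify(demonstrate(), null, 2));
```

The unsafe resolver also returns inherited members such as `toString` without any pollution at all, which is why an own-property check on a null-prototype table is the right baseline rather than a patch for one polluted key.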

Affected versions

  • protobuf.js: all versions up to and including 7.5.5, and 8.0.0 through 8.0.1
  • protobufjs-cli: all versions up to and including 1.2.0, and 2.0.0 through 2.0.1

Fixes available

Patches are available in protobufjs 7.5.6 and 8.0.2, and protobufjs-cli 1.2.1 and 2.0.2. Update to these releases to reduce risk.

“Because protobuf.js is heavily used inside databases, vector stores, inference pipelines, orchestration systems, CI/CD tooling, and cloud SDKs, successful exploitation could impact sensitive enterprise and AI workloads at scale,” Cyera said.

“Modern software increasingly treats schemas, metadata, and configuration files as trusted inputs that drive automation, orchestration, and code generation. When those trust assumptions break, data can become behavior. That shift creates new attack surfaces that security teams must learn to identify and manage.”

If your services handle Protobuf, treat schemas and metadata as untrusted inputs, and prioritize patching to the fixed versions listed above.
