7.1

PHP Protobuf Library Can Crash with Malicious Input

CVE-2026-6409
Summary

An attacker can crash a PHP application that uses the Protobuf library by sending specially crafted messages. This can make the application unavailable, impacting users. To protect against this, validate all input before passing it to the library so that such malicious data is rejected.

Original title
A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or d...
Original description
A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability.
NVD CVSS 4.0: 7.1
Vulnerability type
CWE-20 Improper Input Validation
Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026