Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Debian Package Manager Allows Unintended Configuration Changes
DEBIAN-CVE-2026-6409
Summary
A security issue in the Debian package manager (apt) could allow an attacker to make unintended changes to system configurations. This could lead to system instability or unauthorized access. Update your Debian system to the latest version of apt to address this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Debian:14 | debian | protobuf | All versions |
| Debian:11 | debian | protobuf | All versions |
| Debian:12 | debian | protobuf | All versions |
| Debian:13 | debian | protobuf | All versions |
Original title
A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or d...
Original description
A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability.
- https://security-tracker.debian.org/tracker/CVE-2026-6409 Vendor Advisory
Published: 16 Apr 2026 · Updated: 17 Apr 2026 · First seen: 16 Apr 2026