NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-6409

Summary	A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability.
Publication Date	April 17, 2026, 12:17 a.m.
Registration Date	April 17, 2026, 4:13 a.m.
Last Update	April 17, 2026, 12:17 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-p2gh-cfq4-4wjc	cve-coordination@google.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html