Unrated severityNVD Advisory· Published Mar 24, 2026· Updated Mar 24, 2026
Heap Buffer Over-Write Vulenrabilty in timeplus-io/proton
CVE-2026-4746
Description
Out-of-bounds Write vulnerability in timeplus-io proton (base/poco/Foundation/src modules). This vulnerability is associated with program files inflate.C.
This issue affects proton: before 1.6.16.
Affected products
2<1.6.16+ 1 more
- (no CPE)range: <1.6.16
- (no CPE)range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/timeplus-io/proton/pull/943mitrepatch
News mentions
9- Instagram messaging encryption removed, and privacy advocates are pushing backHelp Net Security · May 11, 2026
- Week in review: cPanel vulnerability actively exploited, DigiCert breach, LinkedIn job scamsHelp Net Security · May 10, 2026
- Meta U-turns on encryption push for Instagram as DMs go plaintextThe Register Security · May 8, 2026
- ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New StoriesThe Hacker News · May 7, 2026
- UK age-gating plans risk breaking the internet, privacy groups warnThe Register Security · May 6, 2026
- OceanLotus suspected of using PyPI to deliver ZiChatBot malwareSecurelist · May 6, 2026
- Proton Mail brings quantum-safe email encryption to all accountsHelp Net Security · May 6, 2026
- The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1)Unit 42 · May 2, 2026
- Google Warns of New Threat Group Targeting BPOs and HelpdesksInfosecurity Magazine · Apr 9, 2026