High severity · GHSA Advisory · Published Apr 16, 2026 · Updated Apr 17, 2026
CVE-2026-6409
Description
A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| google/protobuf (Packagist) | < 4.33.6 | 4.33.6 |
Affected products
- Range: < 4.33.6
References
- github.com/advisories/GHSA-p2gh-cfq4-4wjc (source: ghsa, type: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-6409 (source: ghsa, type: ADVISORY)
- github.com/protocolbuffers/protobuf/commit/60e93d2d104f2af9cd345b1c6f3891d91430244a (source: ghsa, type: WEB)
- github.com/protocolbuffers/protobuf/commit/c8e9b27d95c6ab2d0668b5889e7dac2c477b7038 (source: ghsa, type: WEB)
- github.com/protocolbuffers/protobuf/issues/24159 (source: ghsa, type: WEB)
- github.com/protocolbuffers/protobuf/issues/25067 (source: ghsa, type: WEB)
- github.com/protocolbuffers/protobuf/security/advisories/GHSA-p2gh-cfq4-4wjc (source: nvd, type: WEB)