Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS
Six vulnerabilities in the protobuf.js library, a JavaScript implementation of Protocol Buffers, could allow attackers to achieve remote code execution (RCE) and denial-of-service (DoS) attacks.

Cybersecurity researchers have identified six critical vulnerabilities, collectively named Proto6, in the widely used protobuf.js library. This JavaScript and TypeScript implementation of Google's Protocol Buffers (Protobuf) is prevalent in Node.js applications, potentially exposing numerous systems to remote code execution (RCE) and denial-of-service (DoS) attacks. A single malicious protobuf schema, descriptor, or crafted payload is enough to trigger these flaws, leading to crashes, runtime corruption, or even code execution.
Protobuf, originally developed by Google, is a language-agnostic mechanism for serializing structured data. Its JavaScript implementation, protobuf.js, is used in a variety of environments, including Node.js applications, Google Cloud client libraries, messaging frameworks such as Baileys, and CI/CD pipelines. Any Node.js service that deserializes Protobuf data or generates code from schemas with this library is considered at risk.
The identified vulnerabilities range in severity, with CVSS scores from 5.3 to 8.7. Notable flaws include CVE-2026-44289 and CVE-2026-44290, both with a CVSS score of 7.5, which enable DoS attacks through unbounded recursion and unsafe option loading, respectively. CVE-2026-44291 (CVSS 8.1) and CVE-2026-44295 (CVSS 8.7) are particularly concerning as they can lead to code generation gadgets after prototype pollution and code injection in static output, respectively.
According to researchers, the root cause of these vulnerabilities lies in the library's default trust in schema and metadata inputs, leading to validation oversights that can manipulate application behavior. While exploitation often requires specific conditions, these conditions are becoming increasingly common in data and AI ecosystems where data, schemas, and configuration files are routinely exchanged across services and platforms.
Exploitation scenarios include poisoning CI/CD workflows with malicious protobuf schemas to leak build secrets (CVE-2026-44295) and crashing Node.js services such as WhatsApp bots built with Baileys via specially crafted messages (CVE-2026-44292). The most severe flaw, CVE-2026-44291, allows arbitrary JavaScript execution within a Node.js process when attacker-controlled input pollutes Object.prototype, which protobuf.js then consults when resolving type names.
The vulnerable versions of protobuf.js are 7.5.5 and earlier, and 8.0.0 through 8.0.1. Similarly, protobufjs-cli 1.2.0 and earlier, and 2.0.0 through 2.0.1, are affected. Patches are available: users should update to protobufjs 7.5.6 or 8.0.2, and protobufjs-cli 1.2.1 or 2.0.2, to mitigate these risks.
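As an added example (not code from the article or from the protobufjs project), the following Node.js script checks a package-lock.json "packages" map against the affected version ranges listed above, including copies of protobufjs nested under other dependencies; the lockfile contents are constructed for the demonstration.

```javascript
// Affected ranges as stated in the advisory summary above.
// Fixed versions: protobufjs 7.5.6 / 8.0.2, protobufjs-cli 1.2.1 / 2.0.2.
const AFFECTED = {
  'protobufjs':     [{ min: '0.0.0', max: '7.5.5' }, { min: '8.0.0', max: '8.0.1' }],
  'protobufjs-cli': [{ min: '0.0.0', max: '1.2.0' }, { min: '2.0.0', max: '2.0.1' }],
};

// Parse "MAJOR.MINOR.PATCH" into numbers (pre-release/build suffixes are ignored).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric field-by-field comparison: returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// True when the version falls inside one of the package's affected ranges.
function isAffected(pkg, version) {
  const ranges = AFFECTED[pkg] || [];
  return ranges.some(r => compareVersions(version, r.min) >= 0 &&
                          compareVersions(version, r.max) <= 0);
}

// Walk a lockfile v2/v3 "packages" map; keys look like "node_modules/protobufjs"
// or, for nested installs, "node_modules/foo/node_modules/protobufjs".
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = path.split('node_modules/').pop();
    if (name in AFFECTED && entry.version && isAffected(name, entry.version)) {
      findings.push({ path, name, version: entry.version });
    }
  }
  return findings;
}

// Constructed sample lockfile (hypothetical project, not real data).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    'node_modules/protobufjs': { version: '7.5.5' },
    'node_modules/protobufjs-cli': { version: '2.0.2' },
    'node_modules/some-sdk/node_modules/protobufjs': { version: '8.0.1' },
  },
};

console.log(auditLockfile(SAMPLE_LOCK));
```

Run it against a real lockfile with `JSON.parse(require('fs').readFileSync('package-lock.json'))` in place of `SAMPLE_LOCK`; a non-empty result means an update to the fixed versions is needed.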
The widespread use of protobuf.js in critical infrastructure such as databases, vector stores, inference pipelines, orchestration systems, and cloud SDKs means that successful exploitation could have significant impacts on enterprise and AI workloads. This discovery highlights a growing trend where modern software increasingly treats schemas, metadata, and configuration files as trusted inputs, creating new attack surfaces when these trust assumptions are violated.