HIGH SeverityCVSS 4.07.1CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVE-2026-6409
Last updated Apr 16, 2026 · Published Apr 16, 2026
Description
A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability.
Affected products
1 listed- Protocol Buffers:Protobuf-php (Pecl)
Mappings
CWE
CWE-20
CAPEC
CAPEC-130
CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms