CVE-2026-6409

EUVD-2026-23268
A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Debian logo
Debian Releases
Debian Product
Codename
protobuf
bookworm
3.21.12-3+deb12u1
fixed
bullseye
postponed
forky
3.21.12-16
fixed
sid
3.21.12-16
fixed
trixie
3.21.12-11+deb13u1
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
protobuf
Azure Linux 3.0
0:25.3-7.azl3
fixed