Proto6: Six protobuf.js Vulnerabilities Enable RCE and DoS
Six new protobuf.js flaws (Proto6) let attackers run code and crash Node.js apps through untrusted schemas. Affected versions, patches, and what to fix first.

A library you have probably never installed on purpose has become a serious risk to a lot of software. Researchers at Cyera disclosed six vulnerabilities in protobuf.js, the JavaScript and TypeScript version of Google's Protocol Buffers. The cluster is named Proto6, and it affects a package that sees more than 50 million downloads every week.
Most teams do not pull in protobuf.js directly. It arrives quietly through other tools: gRPC tooling, Google Cloud client libraries, messaging frameworks like Baileys, and CI/CD pipelines. If your Node.js service decodes Protobuf data or generates code from a schema, you are likely in scope whether you know it or not.
So what is a schema, in plain terms? It is the blueprint that describes the shape of data being passed between systems. The whole point of Proto6 is that protobuf.js treated those blueprints as safe by default. Field names, type names, and configuration values were trusted, even in situations where an attacker could influence them.
When input that looks trusted really is not, data starts turning into behavior.
The two flaws that should worry you most
Close behind is CVE-2026-44295, rated 8.7. This one targets the pbjs command line tool. A crafted schema name gets written into generated JavaScript files. If those files are later imported during a build or deploy, the injected code runs inside the CI/CD environment, the place that usually holds source code, signing keys, and cloud credentials.
The rest of the cluster
The other four flaws round out the picture. CVE-2026-44289 and CVE-2026-44290 cause denial of service through runaway recursion and unsafe option paths. CVE-2026-44292 allows prototype injection in generated message constructors, the kind of bug that can crash a WhatsApp bot built on Baileys with a single crafted message. CVE-2026-44294 is another denial of service, triggered by malformed field names.
The pattern across all six is the same. Schemas, descriptors, and config files are increasingly treated as automation fuel, especially in data and AI systems that swap files between services, repos, and third-party integrations constantly. That convenience is exactly where the new attack surface lives.
What to do now
Upgrade protobuf.js to 7.5.6 or 8.0.2. Upgrade protobufjs-cli to 1.2.1 or 2.0.2. Anything at or below 7.5.5, or in the 8.0.0 to 8.0.1 range, is exposed.
Then check your transitive dependencies, because that is where protobuf.js usually hides. A direct version bump means nothing if a sub-dependency still ships the old one.
Finally, stop treating schemas as harmless. If a .proto file or descriptor can come from outside your team, validate it like any other untrusted input before it reaches your generation or decode logic.
Proto6 is a reminder that modern apps are stitched together from inputs nobody fully reads. Vibe-coded products and AI agent deployments are especially prone to this, since dependencies get pulled in fast and are rarely audited.