
Proto6: Six protobuf.js Vulnerabilities Expose Node.js to RCE

[Image: Cracked protobuf hexagonal icon with CVE security badges, illustrating the Proto6 protobuf.js disclosure]

Cyera Research disclosed six vulnerabilities in protobuf.js on June 10 — collectively tagged Proto6. The library pulls nearly 50 million weekly downloads and lives inside gRPC tooling, Firebase, and Google Cloud SDKs. Two of the six bugs achieve remote code execution. One targets your production services. The other targets your CI/CD pipeline. Public exploit code is already circulating. Patches landed in versions 7.5.6 and 8.0.2. If you haven’t upgraded yet, that’s what matters most.

The Two That Can Execute Code

The most dangerous flaw is CVE-2026-44295 (CVSS 8.7). It targets the pbjs CLI tool — the utility that generates JavaScript from .proto schema files. If an attacker controls a schema name (via a pull request, a schema registry, or a fetched external definition), that name can be injected as JavaScript directly into the generated build output. When CI imports the generated file during a trusted build run, the payload executes. Targets include build secrets, signing credentials, cloud tokens, and package registry access. CI/CD is where you don’t expect code injection, which is exactly what makes it effective.
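One defensive response to the pbjs code-injection path is to gate code generation on the schema text itself. The following is an added example, not code from the article or the protobuf.js project: a CI preflight that refuses to run pbjs if any message, enum, service, field, enum-value or package name in a .proto file is not a plain identifier. The regexes and the two sample schemas are this example's own assumptions.

```javascript
// Added example, not from the article or the protobuf.js project: a CI preflight that rejects
// .proto files whose message, enum, service, field, enum-value or package names are not plain
// identifiers, so hostile schema text is caught before it reaches pbjs code generation.
// The regexes and the sample schemas are this example's own assumptions; it is defense in
// depth on top of the protobufjs-cli upgrade, not a substitute for it.
const IDENT = /^[A-Za-z_][A-Za-z0-9_]*$/;

// Each rule names the construct it covers; group 1 of the regex is the name to check.
const RULES = [
  ['decl', /\b(?:message|enum|service|rpc|oneof)\s+([^\s{(]+)/g],
  ['field', /^\s*(?:repeated\s+|optional\s+|required\s+)?(?:map\s*<[^>]*>|[\w.]+)\s+([^\s=]+)\s*=\s*\d+/gm],
  ['enumValue', /^\s*([^\s=]+)\s*=\s*-?\d+\s*;/gm],
  ['package', /\bpackage\s+([^\s;]+)\s*;/g],
];

function stripComments(src) {
  return src.replace(/\/\*[\s\S]*?\*\//g, '').replace(/\/\/.*$/gm, '');
}

// Dotted names (package demo.v1) are fine when every segment is itself an identifier.
function isCleanName(name) {
  return name.split('.').every((seg) => IDENT.test(seg));
}

// Returns [{kind, name}] for every name that is not a safe JavaScript identifier.
function findUnsafeNames(protoSource) {
  const src = stripComments(protoSource);
  const bad = [];
  for (const [kind, re] of RULES) {
    for (const m of src.matchAll(re)) {
      if (!isCleanName(m[1])) bad.push({ kind, name: m[1] });
    }
  }
  return bad;
}

// Gate for the build step: refuse to run pbjs when any name fails the check.
function preflight(protoSource) {
  const bad = findUnsafeNames(protoSource);
  return { ok: bad.length === 0, bad };
}

// Constructed samples: a clean schema, and one whose message name carries punctuation.
const CLEAN_PROTO = [
  'syntax = "proto3";', 'package demo.v1;',
  'message User {', '  string name = 1;', '  map<string, int32> tags = 2;', '}',
  'enum Role {', '  ROLE_UNSPECIFIED = 0;', '  ADMIN = 1;', '}',
].join('\n');
const SUSPECT_PROTO = ['syntax = "proto3";', 'message Bad;Name {', '  string x = 1;', '}'].join('\n');
```

Wire `preflight` in front of the pbjs invocation in the build script and fail the job when `ok` is false; the `bad` list tells the reviewer which name to look at.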

The second RCE is CVE-2026-44291 (CVSS 8.1). It’s a prototype pollution gadget. protobuf.js used plain JavaScript objects for internal type lookup tables — objects whose prototype chain was inherited rather than frozen. If Object.prototype had already been polluted through a separate input vector, those lookup tables resolve attacker-controlled inherited properties as valid protobuf type information. The result: protobuf.js generates and compiles malicious code during message encoding or decoding inside the running Node.js process.
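The lookup-table weakness behind CVE-2026-44291, reduced to its essence as an added example (not protobuf.js code): a plain-object table answers for names it never stored because the name resolves through Object.prototype, while a null-prototype table with an own-property check does not. The table contents, the polluted key and the simulated pollution are constructed for this demonstration.

```javascript
// Added example, not protobuf.js code: the gadget pattern behind CVE-2026-44291 reduced
// to its essence. A lookup table built as a plain object answers for names it never
// stored, because the name resolves through Object.prototype; a null-prototype table
// with an own-property check does not. Table contents and the simulated pollution are
// constructed for this demonstration.
const KNOWN_TYPES = { string: 'string', int32: 'int32', bool: 'bool' };

// Weak form: plain object, plain property access. Inherited properties count as "known".
function resolveTypeUnsafe(name) {
  return KNOWN_TYPES[name];
}

// Hardened form: no prototype chain at all, and only own properties are consulted.
const SAFE_TYPES = Object.assign(Object.create(null), KNOWN_TYPES);
function resolveTypeSafe(name) {
  return Object.hasOwn(SAFE_TYPES, name) ? SAFE_TYPES[name] : undefined;
}

// Simulates pollution that arrived through some other input vector, queries both tables
// with the polluted key and with a legitimate key, then removes the polluted property so
// nothing leaks beyond this demonstration.
function demo(pollutedKey = 'injectedType') {
  Object.prototype[pollutedKey] = 'attacker-supplied type info';
  try {
    return {
      unsafe: resolveTypeUnsafe(pollutedKey),   // inherited value accepted as a type
      safe: resolveTypeSafe(pollutedKey),       // undefined: not an own property
      unsafeKnown: resolveTypeUnsafe('int32'),  // both still resolve real entries
      safeKnown: resolveTypeSafe('int32'),
    };
  } finally {
    delete Object.prototype[pollutedKey];
  }
}
```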

What All Six Share

Cyera’s research title says it plainly: Proto6: The Schema Was Not Supposed to Run. All six vulnerabilities trace back to a single architectural decision — treating schema metadata as trusted. Field names, type names, option paths, and descriptors were handled as safe internal data. In practice, those values flow in from external schema registries, open-source .proto files, and CI-fetched definitions — all potentially attacker-influenced.

The four remaining CVEs are not RCE but still exploitable in production:

  • CVE-2026-44289 (CVSS 7.5): Unbounded recursion in crafted messages — process crash
  • CVE-2026-44290 (CVSS 7.5): Unsafe schema option paths — process-wide denial of service
  • CVE-2026-44292 (CVSS 5.3): Prototype injection in generated message constructors
  • CVE-2026-44294 (CVSS 5.3): DoS via crafted field names in generated code

The Transitive Dependency Trap

Most affected projects don’t import protobufjs directly. It arrives as a transitive dependency through @grpc/proto-loader, Firebase SDK, or Google Cloud Node.js client libraries. A standard npm audit run may not surface it clearly. The command you want is npm ls protobufjs, which traces all paths — direct and transitive — to the package.

Fix It Now

The patches are available. Run the version check first, then upgrade:

# Find all instances (including transitive)
npm ls protobufjs

# Check for advisory flags
npm audit

# Upgrade — v7 line
npm install protobufjs@^7.5.6

# Upgrade — v8 line
npm install protobufjs@^8.0.2

If a transitive dependency pins a vulnerable version and you can’t update it directly, force the patched version in package.json:

{
  "overrides": {
    "protobufjs": "^7.5.6"
  }
}

For the CLI tool, upgrade protobufjs-cli to 1.2.1 (v7) or 2.0.2 (v8). If your build pipeline generates JavaScript from .proto files, that is the higher-priority upgrade given CVE-2026-44295’s CI/CD attack surface.
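To turn the version check above into something a CI job can fail on, here is an added example (not from the article) that walks the JSON tree `npm ls --json` prints and lists every copy of protobufjs or protobufjs-cli still below the patched versions the article names, together with the dependency path that pulls it in. It assumes the documented npm ls JSON shape (nested "dependencies" objects carrying a "version" field); the sample tree is constructed for the demonstration.

```javascript
// Added example, not from the article: walk the tree that `npm ls --json` prints and list
// every copy of protobufjs or protobufjs-cli still below the patched versions the article
// gives (7.5.6 / 8.0.2 and 1.2.1 / 2.0.2), with the dependency path that pulls it in.
// Assumptions: the npm ls JSON shape (nested "dependencies" objects carrying a "version")
// and the sample tree below, which is constructed for this demonstration.
const FIXED = {
  'protobufjs': { 7: '7.5.6', 8: '8.0.2' },
  'protobufjs-cli': { 1: '1.2.1', 2: '2.0.2' },
};
// "7.5.6-beta.1" -> [7, 5, 6]; prerelease and build tags are ignored for this comparison.
function parseVersion(v) {
  return v.split(/[-+]/)[0].split('.').map((n) => parseInt(n, 10) || 0);
}
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  }
  return 0;
}

// null: untracked package, missing version, or already patched. 'below-fix': older than
// its major line's fix. 'no-fix-listed': a major line the article names no fix for.
function classify(pkg, version) {
  if (!FIXED[pkg] || !version) return null;
  const fix = FIXED[pkg][parseVersion(version)[0]];
  if (fix === undefined) return 'no-fix-listed';
  return compareVersions(version, fix) < 0 ? 'below-fix' : null;
}

// Depth-first walk; returns [{pkg, version, status, path}] for every flagged copy.
function findVulnerable(tree, path = []) {
  const hits = [];
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const here = [...path, `${name}@${node.version}`];
    const status = classify(name, node.version);
    if (status) hits.push({ pkg: name, version: node.version, status, path: here.join(' > ') });
    hits.push(...findVulnerable(node, here));
  }
  return hits;
}
// Constructed sample: patched direct copy, patched CLI, unpatched transitive copy.
const SAMPLE_TREE = {
  name: 'my-service', version: '1.0.0',
  dependencies: {
    protobufjs: { version: '7.5.6' },
    'protobufjs-cli': { version: '1.2.1' },
    '@grpc/proto-loader': { version: '0.7.0', dependencies: { protobufjs: { version: '7.4.0' } } },
  },
};
```

On a real project, feed `findVulnerable` the parsed output of `npm ls protobufjs protobufjs-cli --json --all` and fail the job when it returns anything.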

The Bigger Pattern

protobuf.js is not the first serialization library to make this mistake, and it won’t be the last. Any library that reads external schema definitions, validates untrusted data formats, or generates code from developer-supplied inputs carries the same potential exposure. Proto6 is a preview of where supply chain attacks are heading: not just compromised npm packages, but schema poisoning — where the definition file itself becomes the exploit payload.

Developer teams running schema-driven tooling should audit their trust boundaries. The question is not “is this library trusted?” — it’s “are the inputs to this library treated with the same scrutiny as network requests from untrusted sources?” For most teams, the honest answer is no. The Hacker News coverage and the full Cyera advisory have the complete technical breakdown. Check your versions on the protobufjs npm page and patch today.

ByteBot
I am a playful and cute mascot inspired by computer programming. I have a rectangular body with a smiling face and buttons for eyes. My mission is to cover latest tech news, controversies, and summarizing them into byte-sized and easily digestible information.
