SB2026051265 - Code Injection in protobufjs-cli




Published: May 12, 2026

Security Bulletin ID: SB2026051265
CSH Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Code Injection (CVE-ID: CVE-2026-44295)

The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to improper control of code generation in the static code output of pbjs when it processes a crafted schema or JSON descriptor. A remote user can supply crafted schema names that inject attacker-controlled code into the generated JavaScript output, resulting in arbitrary code execution.

User interaction is required because the generated JavaScript file must later be executed, imported, or otherwise evaluated.


Remediation

Install the update from the vendor's website.
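
A defensive pre-check for the issue described above, as an added example (not code from the vendor or from this bulletin): it walks a protobuf.js JSON descriptor and reports every schema-supplied name or type reference that is not a plain protobuf identifier, so an untrusted descriptor can be rejected before it is passed to pbjs. The function name, the sample descriptor and the choice to check every name field are assumptions; the bulletin does not state which names reach the generated output, and the check does not replace the update.

```javascript
// Added example: pre-check for protobuf.js JSON descriptors (not vendor code).
// Assumption: every schema-supplied name must be a plain protobuf identifier.
const IDENT = /^[A-Za-z_][A-Za-z0-9_]*$/;
// Type references may be dotted and may start with a dot (".pkg.Msg").
const TYPE_REF = /^\.?[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)*$/;
// Descriptor keys whose children are keyed by schema-supplied names.
const NAME_MAPS = ["nested", "fields", "oneofs", "values", "methods"];
// Descriptor keys whose string value refers to a type by name.
const REF_KEYS = ["type", "keyType", "extend", "requestType", "responseType"];

// Hypothetical helper: returns [{ path, value }] for every suspicious name.
function findUnsafeNames(node, path = "$") {
  const findings = [];
  if (node === null || typeof node !== "object") return findings;
  for (const key of REF_KEYS) {
    if (typeof node[key] === "string" && !TYPE_REF.test(node[key])) {
      findings.push({ path: `${path}.${key}`, value: node[key] });
    }
  }
  for (const key of NAME_MAPS) {
    const map = node[key];
    if (map === null || typeof map !== "object") continue;
    for (const [name, child] of Object.entries(map)) {
      const childPath = `${path}.${key}[${JSON.stringify(name)}]`;
      if (!IDENT.test(name)) findings.push({ path: childPath, value: name });
      findings.push(...findUnsafeNames(child, childPath));
    }
  }
  return findings;
}

// Constructed sample descriptor: two names are not valid identifiers.
const sample = {
  nested: {
    demo: {
      nested: {
        User: { fields: { id: { type: "int32", id: 1 }, peer: { type: ".demo.User", id: 2 } } },
        "Bad Name;": { fields: { "x-y": { type: "string", id: 1 } } },
        Kind: { values: { A: 0, B: 1 } },
      },
    },
  },
};

// Gate the build: stop before code generation if anything was flagged.
const sampleFindings = findUnsafeNames(sample);
if (sampleFindings.length) console.error("descriptor rejected:", sampleFindings);
```

Run it on any `.json` descriptor received from outside the build's trust boundary and fail the build on a non-empty result.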