CVE-2026-41242 in protobuf.jsالمعلومات

الملخص

بحسب MITRE • 18/04/2026

protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the issue.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

GitHub M

حجز

18/04/2026

إفشاء

18/04/2026

الاعتدال

تمت الموافقة

إدخال

VDB-358208

CPE

جاهز

CWE

CWE-94 (مؤكد)

CVSS

6.3 (VulDB)

EPSS

0.00026

KEV

لا

النشاطات

منخفض جدًا

القطاع

Insurance, Hostingprovider, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-41242
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-41242
CVE Details	https://www.cvedetails.com/cve/CVE-2026-41242/

التالي ▸نظرة عامة ◂ السابق

Do you want to use VulDB in your project?

Use the official API to access entries easily!