CVE-2026-0994 in Protobuf

Summary

by MITRE • 01/23/2026

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages.

Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.


Analysis

by VulDB Data Team • 05/03/2026

This vulnerability resides within the google.protobuf library's json_format.ParseDict() function in Python, representing a critical denial-of-service weakness that undermines the library's safety mechanisms. The flaw specifically targets the handling of google.protobuf.Any messages, which are designed to encapsulate arbitrary messages while maintaining type information. When parsing JSON data that contains deeply nested Any structures, the library fails to properly account for recursion depth within its internal Any-handling logic, creating a bypass condition that allows attackers to circumvent the intended max_recursion_depth limit.

The vulnerability stems from the fact that protobuf's Any message can wrap another message, so nested structures can be arbitrarily deep. Within json_format.ParseDict(), the recursion depth tracking is not applied to Any message processing, meaning that each nested Any structure does not increment the recursion counter. This gap in the recursion accounting allows an attacker to craft JSON payloads containing deeply nested Any messages that appear to respect the recursion limit while actually consuming the full Python recursion stack. The vulnerability is particularly dangerous because it operates at the parsing layer, making it reachable from any application that processes user-supplied JSON data through protobuf's parsing functions.

The operational impact of this vulnerability extends beyond simple service disruption, as it can be leveraged in various attack scenarios including web application exploitation, API endpoint abuse, and automated attack frameworks. When an application parses user-provided JSON data through protobuf's ParseDict function, an attacker can construct a payload that triggers the RecursionError, causing the application to crash or become unresponsive. This behavior aligns with attack patterns documented in the attack tactic of execution and the technique of resource exhaustion, as defined in the MITRE ATT&CK framework. The vulnerability affects any Python application using the google.protobuf library that processes external JSON input, making it particularly prevalent in REST APIs, microservices architectures, and any system that accepts JSON data for protobuf message conversion.

Mitigation requires multiple layers of protection to address both the immediate issue and to limit exploitation. The most direct approach is upgrading to a patched version of the google.protobuf library in which the recursion depth accounting has been corrected for Any message handling. Organizations should also implement input validation at application boundaries, particularly for JSON data that will be parsed through protobuf functions, and apply rate limiting and resource constraints on parsing operations so that exploitation attempts cannot exhaust system resources.

The vulnerability demonstrates the importance of proper recursion accounting in serialization libraries and highlights the need for comprehensive testing of edge cases in data parsing functions. Security teams should monitor for this vulnerability in their dependency management systems and ensure that all protobuf-related components are updated to versions that address the recursion depth bypass. This type of vulnerability is classified under CWE-264, which deals with improper control of a resource through its interface, and represents a significant concern for applications handling untrusted data through serialization mechanisms.
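As an added example of the boundary validation recommended above (this is not VulDB's or the protobuf project's code), the following Python bounds the structural nesting of untrusted JSON before it is handed to json_format.ParseDict(). Because the bypass lives in the library's own depth counter, the check is applied on the decoded JSON outside the library, walks the structure iteratively so it cannot itself raise RecursionError, and treats a RecursionError from json.loads on extreme input as a rejection as well. MAX_JSON_DEPTH, the helper names and the constructed payloads are assumptions; protobuf is deliberately not imported so the check runs on its own.

```python
import json

# Maximum dict/list nesting accepted from untrusted callers (assumed policy value;
# pick the smallest bound your message schemas actually need).
MAX_JSON_DEPTH = 32


def nesting_depth(obj):
    """Return the deepest dict/list nesting level of a decoded JSON value.

    Scalars have depth 0, an empty object depth 1. The walk is iterative on an
    explicit stack, so hostile input cannot exhaust the interpreter stack here.
    """
    deepest = 0
    stack = [(obj, 1)]
    while stack:
        node, depth = stack.pop()
        if isinstance(node, dict):
            deepest = max(deepest, depth)
            stack.extend((child, depth + 1) for child in node.values())
        elif isinstance(node, list):
            deepest = max(deepest, depth)
            stack.extend((child, depth + 1) for child in node)
    return deepest


def load_bounded_json(text, max_depth=MAX_JSON_DEPTH):
    """Decode untrusted JSON and enforce a nesting bound before protobuf conversion.

    Returns (True, payload) when the input is acceptable, otherwise (False, reason).
    json.loads is itself recursive and can raise RecursionError on extremely deep
    input, so that case is caught and rejected instead of crashing the caller.
    """
    try:
        payload = json.loads(text)
    except RecursionError:
        return False, "rejected: nesting exceeds decoder limit"
    except ValueError as exc:
        return False, f"rejected: invalid JSON ({exc})"
    depth = nesting_depth(payload)
    if depth > max_depth:
        return False, f"rejected: nesting depth {depth} exceeds {max_depth}"
    return True, payload


def build_nested_text(levels):
    """Constructed sample: a JSON object nested `levels` deep, built by string
    concatenation so producing it never recurses either."""
    return '{"value": ' * (levels - 1) + '{"leaf": true}' + '}' * (levels - 1)


if __name__ == "__main__":
    # Constructed inputs: a normal request body and a deeply nested one.
    for sample in ('{"name": "job-1", "tags": ["a", "b"]}', build_nested_text(500)):
        ok, result = load_bounded_json(sample)
        if ok:
            # Only an accepted payload would be passed on, e.g.
            # json_format.ParseDict(result, MyMessage()) (not imported here).
            print("accepted, depth", nesting_depth(result))
        else:
            print(result)
```

The bound is enforced on the JSON structure rather than on protobuf's counter, so it holds regardless of how the library accounts for Any wrappers; the remaining trade-off is choosing a value of MAX_JSON_DEPTH that legitimate messages never exceed.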

Responsible

Google

Reservation

01/15/2026

Disclosure

01/23/2026

Moderation

accepted

CPE

ready

EPSS

0.00013

KEV

no

Activities

very low
