{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0994", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "state": "PUBLISHED", "assignerShortName": "Google", "dateReserved": "2026-01-15T15:16:22.904Z", "datePublished": "2026-01-23T14:55:16.876Z", "dateUpdated": "2026-01-30T14:28:11.435Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Protobuf", "vendor": "Python", "versions": [{"status": "affected", "version": "<=v33.4", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages.</span><br><br><span style=\"background-color: rgb(255, 255, 255);\">Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python\u2019s recursion stack and causing a RecursionError.</span><br>"}], "value": "A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages.\n\nDue to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python\u2019s recursion stack and causing a RecursionError."}], "impacts": [{"capecId": "CAPEC-147", "descriptions": [{"lang": "en", "value": "CAPEC-147: XML Nested Entity Expansion"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 8.2, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-674", "description": "CWE-674: Uncontrolled Recursion", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2026-01-30T14:28:11.435Z"}, "references": [{"url": "https://github.com/protocolbuffers/protobuf/pull/25239"}], "source": {"discovery": "UNKNOWN"}, "title": "Denial of Service in Python Protobuf", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-23T15:33:48.514298Z", "id": "CVE-2026-0994", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-23T15:34:38.915Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0994", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-23T15:33:48.514298Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-23T15:33:53.235Z"}}], "cna": {"title": "Denial of Service in Python Protobuf", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-147", "descriptions": [{"lang": "en", "value": "CAPEC-147: XML Nested Entity Expansion"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Python", "product": "Protobuf", "versions": [{"status": "affected", "version": "<=v33.4", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/protocolbuffers/protobuf/pull/25239"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages.\n\nDue to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python\u2019s recursion stack and causing a RecursionError.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages.</span><br><br><span style=\"background-color: rgb(255, 255, 255);\">Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python\u2019s recursion stack and causing a RecursionError.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-674", "description": "CWE-674: Uncontrolled Recursion"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2026-01-30T14:28:11.435Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0994", "state": "PUBLISHED", "dateUpdated": "2026-01-30T14:28:11.435Z", "dateReserved": "2026-01-15T15:16:22.904Z", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "datePublished": "2026-01-23T14:55:16.876Z", "assignerShortName": "Google"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:protobuf:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF0F8C1C-5CDF-4758-864F-FFF2CBF7B00C", "versionEndIncluding": "33.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages.\n\nDue to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python\u2019s recursion stack and causing a RecursionError."}, {"lang": "es", "value": "Hay una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en google.protobuf.json_format.ParseDict() en Python, donde el l\u00edmite max_recursion_depth puede ser evitado al analizar mensajes anidados de google.protobuf.Any.\n\nDebido a que no se contabiliza la profundidad de recursi\u00f3n dentro de la l\u00f3gica interna de manejo de Any, un atacante puede proporcionar estructuras Any profundamente anidadas que evitan el l\u00edmite de recursi\u00f3n previsto, agotando finalmente la pila de recursi\u00f3n de Python y causando un RecursionError."}], "id": "CVE-2026-0994", "lastModified": "2026-04-09T14:19:17.700", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cve-coordination@google.com", "type": "Secondary"}]}, "published": "2026-01-23T15:16:06.840", "references": [{"source": "cve-coordination@google.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/protocolbuffers/protobuf/pull/25239"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-674"}], "source": "cve-coordination@google.com", "type": "Secondary"}]}

{"bugzilla": {"description": "python: protobuf: Protobuf: Denial of Service due to recursion depth bypass", "id": "2432398", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2432398"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-674", "details": ["A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages.\nDue to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python\u2019s recursion stack and causing a RecursionError."], "name": "CVE-2026-0994", "package_state": [{"cpe": "cpe:/a:redhat:amq_clients:2023", "fix_state": "Affected", "package_name": "protobuf", "product_name": "AMQ Clients"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "python3.11-protobuf", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "python3x-protobuf", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "python-protobuf", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "protobuf", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "protobuf", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Affected", "package_name": "protobuf", "product_name": "Red Hat OpenStack Platform 16.2"}], "public_date": "2026-01-23T14:55:16Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-0994\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-0994\nhttps://github.com/protocolbuffers/protobuf/pull/25239"], "threat_severity": "Important"}

{"analysis": {"en": {"generated_at": "2026-04-18T03:09:51.109799+00:00", "value": {"mitigation_remediation": ["Upgrade to the latest Python protobuf package that includes the fix for PR\u202f25239", "Review any custom parsing code to ensure that recursion depth limits are enforced on input before delegating to ParseDict", "If an upgrade is delayed, implement input validation to reject JSON payloads exceeding a safe depth before parsing"], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The issue targets the Python protobuf implementation, specifically the google.protobuf.json_format module. Any deployment that relies on the protobuf library to parse JSON payloads containing Any messages may be affected. No specific version identifiers are provided, so all versions prior to the fix in the referenced pull request are potentially vulnerable.", "description_and_impact": "A vulnerability exists in the protobuf Python library\u2019s json_format.ParseDict function, where the configured maximum recursion depth can be bypassed when parsing nested Any messages. This allows an attacker to supply deeply nested structures that evade the intended limit, causing the interpreter to exhaust its recursion stack and trigger a RecursionError. The result is a service interruption that affects the availability of any application using the vulnerable parsing routine.", "risk_and_exploitability": "With a CVSS score of 8.2 the vulnerability is considered high severity. The EPSS score is reported as less than 1%, indicating that while exploitation probability is low, the damage a successful attempt could cause is significant. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Because the flaw lies within the processing of user-supplied data, the likely attack vector is through application-level input, potentially from remote users sending crafted JSON. No additional exploit conditions are described in the available data."}}}}, "created": "2026-01-26T11:53:19.025825+00:00", "updated": "2026-04-18T03:15:35.429145+00:00", "vendors": ["google", "google$PRODUCT$protobuf", "google$PRODUCT$protobuf-python", "protobuf", "protobuf$PRODUCT$protobuf"]}