Six Vulnerabilities In Open Source protobuf.js Impact AI And Cloud Infrastructure

Six Proto6 Flaws In Open-Source protobuf.js Expose Node.js, AI, Cloud And CI/CD Systems To RCE And DoS Attacks

Cyera researchers have uncovered six vulnerabilities in the widely used open-source protobuf.js library, warning that flaws in schema handling could enable remote code execution, denial-of-service attacks and supply-chain compromises across Node.js, AI and cloud environments.

Security researchers at Cyera have disclosed six vulnerabilities, collectively dubbed Proto6, in the widely used open-source protobuf.js library that could expose Node.js applications, AI infrastructure, cloud services and CI/CD pipelines to remote code execution (RCE) and denial-of-service (DoS) attacks.

According to Cyera, the flaws can lead to application crashes, runtime corruption and code execution through malicious protobuf schemas, descriptors or crafted payloads. “In affected environments, a single malicious protobuf schema, descriptor, or crafted payload could be enough to trigger crashes, runtime corruption, or even code execution,” said Assaf Morag, Security Researcher at Cyera.

The most severe issue, CVE-2026-44291 (CVSS 8.1), can enable arbitrary JavaScript execution inside a Node.js process. Vladimir Tokarev, Security Researcher, explained that attacker-controlled input can reach a prototype pollution gadget, allowing protobuf.js to generate and compile malicious code during message encoding or decoding. The mechanism matters because protobuf.js does not interpret a schema at runtime by default: it generates JavaScript source for each message type's encoder and decoder and compiles it, so anything that can influence what the generator emits is, in effect, writing code that the process will run.

The vulnerabilities affect Node.js applications, Google Cloud client libraries, messaging frameworks such as Baileys, databases, vector stores, AI inference pipelines, orchestration systems, cloud SDKs and CI/CD environments. Any service that deserialises Protobuf data or generates code from schemas using protobuf.js may be at risk.

Cyera attributed all six flaws to a single design assumption: protobuf.js treats schemas and metadata as trusted inputs by default, so malicious data that arrives as a .proto file, a descriptor or reflection metadata can steer application behaviour. The company warned that the conditions for exploitation are increasingly common in AI and cloud ecosystems, where services routinely exchange schemas and configuration files with other parties.

The six vulnerabilities include three DoS flaws, two code-injection issues and one prototype-injection weakness, with severity scores ranging from 5.3 to 8.7. Researchers also outlined potential attacks involving poisoned CI/CD workflows, build-secret theft, code injection and service crashes in messaging applications.

The affected versions are protobuf.js 7.5.5 and earlier, 8.0.0–8.0.1, and protobufjs-cli 1.2.0 and earlier, plus 2.0.0–2.0.1. Patches are available in protobuf.js 7.5.6 and 8.0.2, and protobufjs-cli 1.2.1 and 2.0.2. Because protobuf.js is often pulled in transitively, through cloud SDKs and client libraries rather than as a direct dependency, teams should check the whole dependency tree (for example with "npm ls protobufjs") and not only their own package.json.
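Two checks a service owner can put in front of protobuf.js follow, as an added example written for this article; this is not code from Cyera or from the protobuf.js project, and the patched releases remain the actual fix. The first check encodes the affected and fixed version ranges quoted above so a deployment can refuse to start on an affected release. The second screens an untrusted JSON descriptor (the nested/fields/values shape accepted by protobuf.Root.fromJSON) before it is loaded, rejecting names that are not plain identifiers and keys that reach Object.prototype, which is a generic defence against the prototype-pollution-to-code-generation path described earlier, not a reproduction of the reported gadget. The sample descriptors, the function names and the identifier rules are all assumptions made for the example.

```javascript
// Added example for this article; not code from Cyera or from protobuf.js.
// 1. isPatched(): version gate built from the ranges named in the advisory.
// 2. auditDescriptor(): screen an untrusted protobuf.js JSON descriptor
//    before handing it to protobuf.Root.fromJSON(). Generic hardening for
//    the bug class discussed above, not the upstream fix.
"use strict";

// Fixed releases named in the advisory, one entry per major line.
const PATCHED = {
  "protobufjs": [[7, 5, 6], [8, 0, 2]],
  "protobufjs-cli": [[1, 2, 1], [2, 0, 2]],
};

function parseSemver(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(version);
  if (!m) throw new Error(`not a semver string: ${version}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// True when `version` is at or above the fixed release of its major line.
// Majors older than the oldest fixed line are affected ("7.5.5 and earlier");
// majors newer than the newest fixed line are not listed as affected.
function isPatched(pkg, version) {
  const fixes = PATCHED[pkg];
  if (!fixes) throw new Error(`no advisory data for package: ${pkg}`);
  const v = parseSemver(version);
  const line = fixes.find((f) => f[0] === v[0]);
  if (line) return compareVersions(v, line) >= 0;
  return v[0] > fixes[fixes.length - 1][0];
}

// Assumed rules for this example: names must be plain identifiers, type
// references may be dotted, and keys that reach Object.prototype are refused.
const IDENT = /^[A-Za-z_][A-Za-z0-9_]*$/;
const TYPE_REF = /^\.?[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)*$/;
const FORBIDDEN = new Set(["__proto__", "constructor", "prototype"]);
// Descriptor maps whose keys are user-chosen names rather than keywords.
const NAME_MAPS = new Set(["nested", "fields", "values", "oneofs", "methods"]);

// Walks the descriptor and returns a list of problems; empty means it passed.
// Levels alternate: keyword objects ({nested, fields, type, id}) contain
// name maps, whose entries are keyword objects again.
function auditDescriptor(descriptor) {
  const problems = [];
  const walk = (node, path, keysAreNames) => {
    if (node === null || typeof node !== "object") return;
    for (const key of Object.keys(node)) {
      const here = `${path}.${key}`;
      const value = node[key];
      if (FORBIDDEN.has(key)) {
        problems.push(`${here}: forbidden key`);
      } else if (keysAreNames && !IDENT.test(key)) {
        problems.push(`${here}: name is not a plain identifier`);
      } else if (!keysAreNames && key === "type" && !TYPE_REF.test(String(value))) {
        problems.push(`${here}: malformed type reference ${JSON.stringify(value)}`);
      } else if (!keysAreNames && key === "id" && !(Number.isInteger(value) && value > 0)) {
        problems.push(`${here}: field id must be a positive integer`);
      }
      walk(value, here, !keysAreNames && NAME_MAPS.has(key));
    }
  };
  walk(descriptor, "root", false);
  return problems;
}

// Constructed samples, not taken from the advisory. Built from JSON text
// rather than object literals because `__proto__` in a literal would set the
// prototype instead of creating a key; JSON.parse keeps it as an own key,
// which is how a descriptor received over the network actually arrives.
const BENIGN = JSON.parse(`{ "nested": { "shop": { "nested": {
  "Order": { "fields": {
    "id":    { "type": "uint64", "id": 1 },
    "items": { "rule": "repeated", "type": "string", "id": 2 },
    "when":  { "type": "google.protobuf.Timestamp", "id": 3 } } },
  "Status": { "values": { "NEW": 0, "PAID": 1 } }
} } } }`);

const HOSTILE = JSON.parse(`{ "nested": { "Evil": { "fields": {
  "__proto__": { "type": "string", "id": 1 },
  "ok field":  { "type": "string", "id": 2 },
  "x":         { "type": "not a type", "id": 0 } } } } }`);

console.log("protobufjs 7.5.5 patched:", isPatched("protobufjs", "7.5.5"));
console.log("hostile descriptor problems:", auditDescriptor(HOSTILE));
```

The audit is deliberately conservative: it refuses the descriptor outright rather than sanitising it, because a schema that needs repair is itself a signal that something outside the trust boundary is trying to shape code generation. Run the version gate at process start and the descriptor audit at every point where a schema or descriptor crosses from another party into the process.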
