A high-severity vulnerability has been discovered in Protocol Buffers (protobuf), Google’s widely used mechanism for serializing structured data. The flaw, tracked as CVE-2026-0994, affects Python implementations and allows attackers to crash services via a “Denial-of-Service (DoS)” attack.
With a CVSS score of 8.2, the vulnerability exploits a blind spot in how the library processes nested data, allowing malicious payloads to bypass safety limits and exhaust the server’s memory stack.
The vulnerability resides in the google.protobuf.json_format.ParseDict() function, which is responsible for parsing JSON data into protobuf messages. To prevent crashes, this function is supposed to enforce a max_recursion_depth limit—a safety brake that stops the parser from going too deep into nested structures.
However, researchers found that this safety brake fails when handling a specific message type: google.protobuf.Any.
“The internal helper _ConvertAnyMessage() processes the embedded message without incrementing or decrementing the recursion depth counter,” the report explains.
This means that while the system correctly counts the depth of standard messages, it completely ignores Any messages. An attacker can exploit this by “nesting Any messages inside other Any messages,” which “allows unbounded recursion while bypassing the configured depth limit.”
Because these nested messages “do not contribute to the depth counter,” the parsing continues unchecked until it hits the hard limit of the Python interpreter itself.
The result is a RecursionError, which, if not properly handled, causes the process to crash. “Attackers can bypass the intended recursion limit… eventually exhausting Python’s recursion stack,” leading to immediate service disruption.
This flaw poses a significant risk to any service that “parse[s] untrusted JSON input containing Any” messages. If your application accepts external JSON data and uses the Python protobuf library to parse it, you are likely exposed to this DoS vector.
To close this loophole, the parsing logic must be updated to account for every layer of the message, regardless of its type. The report recommends that developers “ensure that max_recursion_depth is consistently enforced for all message types, including nested Any,” or specifically patch the _ConvertAnyMessage() function to increment the depth counter correctly.
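The mitigation described above can also be applied on the caller's side while waiting for a patched library: measure the nesting depth of the decoded JSON yourself, counting every container level including Any wrappers, and reject the input before it ever reaches ParseDict(). The following is an added example written for this article; it is not protobuf's code and does not import the library. It assumes a policy limit of 100 levels, uses a placeholder `parse_fn` in place of a real `json_format.ParseDict(...)` call, relies on the standard JSON mapping of Any as an object with `@type` and `value` keys, and builds its own constructed test input.

```python
"""Pre-parse nesting-depth guard for JSON that will be handed to ParseDict().

Added example, not part of protobuf. The walk is iterative, so the guard
itself can never raise RecursionError, and it counts every dict/list level,
so an Any wrapped in an Any is counted like any other nested message.
"""
import json

MAX_DEPTH = 100  # assumed policy limit for this example


class NestingTooDeep(ValueError):
    """Raised when JSON input nests deeper than the configured limit."""


def json_nesting_depth(obj, limit=MAX_DEPTH):
    """Return the maximum container nesting depth of a decoded JSON value.

    A scalar has depth 0, a top-level object or array depth 1, and each
    nested object/array adds one. Raises NestingTooDeep as soon as any node
    sits deeper than `limit`, without walking the rest of the input.
    """
    max_depth = 0
    stack = [(obj, 1)]
    while stack:
        node, depth = stack.pop()
        if isinstance(node, dict):
            children = node.values()
        elif isinstance(node, list):
            children = node
        else:
            continue  # scalars do not add a level
        if depth > limit:
            raise NestingTooDeep(f"nesting depth {depth} exceeds limit {limit}")
        max_depth = max(max_depth, depth)
        for child in children:
            stack.append((child, depth + 1))
    return max_depth


def guarded_parse(json_text, parse_fn, limit=MAX_DEPTH):
    """Decode json_text, enforce the depth limit, then call parse_fn(data).

    parse_fn is a placeholder (assumption) for a call such as
    json_format.ParseDict(data, message, max_recursion_depth=limit).
    Python's own JSON decoder also recurses, so RecursionError from either
    stage is turned into a rejection instead of crashing the worker.
    """
    try:
        data = json.loads(json_text)
    except RecursionError:
        raise NestingTooDeep("JSON decoder exceeded interpreter recursion limit")
    json_nesting_depth(data, limit)
    try:
        return parse_fn(data)
    except RecursionError:
        raise NestingTooDeep("parser exceeded interpreter recursion limit")


def nested_any(levels):
    """Constructed test fixture: an Any wrapped inside an Any `levels` times,
    around a trivial Duration, using the JSON mapping with @type/value keys."""
    node = {"@type": "type.googleapis.com/google.protobuf.Duration", "value": "1s"}
    for _ in range(levels):
        node = {"@type": "type.googleapis.com/google.protobuf.Any", "value": node}
    return node


if __name__ == "__main__":
    # Shallow input passes; the placeholder parser just echoes the dict back.
    shallow = json.dumps(nested_any(5))
    print("depth of shallow input:", json_nesting_depth(json.loads(shallow)))
    guarded_parse(shallow, lambda d: d)
    # Over-deep input is rejected before any parser sees it.
    try:
        guarded_parse(json.dumps(nested_any(200)), lambda d: d)
    except NestingTooDeep as exc:
        print("rejected:", exc)
```

Run the guard before the real ParseDict() call and keep the library's max_recursion_depth set to the same limit; the two checks then agree on every layer, and a service that is still on an affected version fails closed with a clean rejection rather than an unhandled RecursionError.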