COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-41242

CVE-2026-41242

Severity
critical
Source
NVD · cve
Published
2026-04-18
CVSS
9.8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-41242
⚡ RCE shame 50/100 rce

protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 an

Players implicated

protobufjs project · vendorprotobufjs · product

Description

protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the issue.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.