{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-44293","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2026-05-05T17:39:31.112Z","datePublished":"2026-05-13T14:43:33.342Z","dateUpdated":"2026-07-15T02:45:59.169Z"},"containers":{"cna":{"title":"protobufjs: Code injection through bytes field defaults in generated toObject code","problemTypes":[{"descriptions":[{"cweId":"CWE-94","lang":"en","description":"CWE-94: Improper Control of Generation of Code ('Code Injection')","type":"CWE"}]}],"metrics":[{"cvssV4_0":{"attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","baseScore":7.7,"baseSeverity":"HIGH","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0"}}],"references":[{"name":"https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-66ff-xgx4-vchm","tags":["x_refsource_CONFIRM"],"url":"https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-66ff-xgx4-vchm"}],"affected":[{"vendor":"protobufjs","product":"protobuf.js","versions":[{"version":"< 7.5.6","status":"affected"},{"version":">= 8.0.0, < 8.0.2","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2026-05-13T14:43:33.342Z"},"descriptions":[{"lang":"en","value":"protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default value for a bytes field could cause attacker-controlled code to be emitted into the generated conversion function. This vulnerability is fixed in 7.5.6 and 8.0.2."}],"source":{"advisory":"GHSA-66ff-xgx4-vchm","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-05-14T15:59:34.901278Z","id":"CVE-2026-44293","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-14T15:59:42.554Z"}},{"affected":[{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"],"defaultStatus":"affected","packageName":"automation-platform-ui","product":"Red Hat Ansible Automation Platform 2.6 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.6.10-1.el9ap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"defaultStatus":"affected","packageName":"rh-podman-desktop","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.1.1-1.el10_2","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"],"defaultStatus":"affected","packageName":"ansible-automation-platform-26/gateway-rhel9","product":"Red Hat Ansible Automation Platform 2.6","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1782761510","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:rhdh:1.9::el9"],"defaultStatus":"affected","packageName":"rhdh/rhdh-hub-rhel9","product":"Red Hat Developer Hub 1.9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1781187342","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift:4.20::el9"],"defaultStatus":"affected","packageName":"openshift4/ose-console-rhel9","product":"Red Hat OpenShift Container Platform 4.20","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1783602326","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift:4.21::el9"],"defaultStatus":"affected","packageName":"openshift4/ose-console-rhel9","product":"Red Hat OpenShift Container Platform 4.21","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1783502338","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift:4.22::el9"],"defaultStatus":"affected","packageName":"openshift4/ose-console-rhel9","product":"Red Hat OpenShift Container Platform 4.22","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1782224390","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:service_mesh:3.3::el9"],"defaultStatus":"affected","packageName":"openshift-service-mesh/kiali-ossmc-rhel9","product":"Red Hat OpenShift Service Mesh 3.3","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1780997382","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:service_mesh:3.3::el9"],"defaultStatus":"affected","packageName":"openshift-service-mesh/kiali-rhel9","product":"Red Hat OpenShift Service Mesh 3.3","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1780997438","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift_pipelines:1"],"defaultStatus":"unaffected","packageName":"openshift-pipelines/pipelines-console-plugin-rhel8","product":"OpenShift Pipelines","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift_pipelines:1"],"defaultStatus":"unaffected","packageName":"openshift-pipelines/pipelines-console-plugin-rhel9","product":"OpenShift Pipelines","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:podman_desktop:1"],"defaultStatus":"affected","packageName":"rh-podman-desktop.git","product":"Red Hat Build of Podman Desktop","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"unaffected","packageName":"grafana","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"affected","packageName":"grafana","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"],"defaultStatus":"affected","packageName":"rhelai3/bootc-cuda-rhel9","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"],"defaultStatus":"affected","packageName":"rhelai3/bootc-gaudi-rhel9","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"],"defaultStatus":"affected","packageName":"rhelai3/bootc-rocm-rhel9","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"],"defaultStatus":"affected","packageName":"rhelai3/disk-image-cuda-rhel9","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:hummingbird:1"],"defaultStatus":"unaffected","packageName":"dotnet9.0","product":"Red Hat Hardened Images","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift_ai"],"defaultStatus":"affected","packageName":"rhoai/odh-dashboard-rhel9","product":"Red Hat OpenShift AI (RHOAI)","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift_ai"],"defaultStatus":"affected","packageName":"rhoai/odh-mod-arch-automl-rhel9","product":"Red Hat OpenShift AI (RHOAI)","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift_ai"],"defaultStatus":"affected","packageName":"rhoai/odh-mod-arch-autorag-rhel9","product":"Red Hat OpenShift AI (RHOAI)","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift_ai"],"defaultStatus":"affected","packageName":"rhoai/odh-mod-arch-eval-hub-rhel9","product":"Red Hat OpenShift AI (RHOAI)","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift_ai"],"defaultStatus":"affected","packageName":"rhoai/odh-mod-arch-gen-ai-rhel9","product":"Red Hat OpenShift AI (RHOAI)","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift_ai"],"defaultStatus":"affected","packageName":"rhoai/odh-mod-arch-maas-rhel9","product":"Red Hat OpenShift AI (RHOAI)","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift_ai"],"defaultStatus":"affected","packageName":"rhoai/odh-mod-arch-mlflow-rhel9","product":"Red Hat OpenShift AI (RHOAI)","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift_ai"],"defaultStatus":"affected","packageName":"rhoai/odh-mod-arch-model-registry-rhel9","product":"Red Hat OpenShift AI (RHOAI)","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4"],"defaultStatus":"affected","packageName":"openshift3/ose-console","product":"Red Hat OpenShift Container Platform 4","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4"],"defaultStatus":"affected","packageName":"openshift4/ose-console","product":"Red Hat OpenShift Container Platform 4","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift_data_foundation:4"],"defaultStatus":"affected","packageName":"odf4/mcg-core-rhel9","product":"Red Hat Openshift Data Foundation 4","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:ansible_portal:2"],"defaultStatus":"affected","packageName":"ansible-automation-platform/automation-portal","product":"Self-service automation portal 2","vendor":"Red Hat"}],"datePublic":"2026-05-13T14:43:33.342Z","descriptions":[{"lang":"en","value":"A flaw was found in protobufjs, a library used to compile protobuf definitions into JavaScript functions. A remote attacker could exploit this vulnerability by providing a crafted descriptor that includes a non-string default value for a bytes field. This could lead to the generation of an unsafe expression within the toObject conversion function, ultimately allowing the attacker to execute arbitrary code."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-94","description":"Improper Control of Generation of Code ('Code Injection')","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-44293"},{"name":"RHBZ#2477104","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477104"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44293.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:34160"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:37385"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:34374"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:26234"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:37628"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:37186"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:29795"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:26090"}],"solutions":[{"lang":"en","value":"RHSA-2026:34160: Red Hat Ansible Automation Platform 2.6 for RHEL 9"},{"lang":"en","value":"RHSA-2026:37385: Red Hat Enterprise Linux Extensions Channel (v. 10)"},{"lang":"en","value":"RHSA-2026:34374: Red Hat Ansible Automation Platform 2.6"},{"lang":"en","value":"RHSA-2026:26234: Red Hat Developer Hub 1.9"},{"lang":"en","value":"RHSA-2026:37628: Red Hat OpenShift Container Platform 4.20"},{"lang":"en","value":"RHSA-2026:37186: Red Hat OpenShift Container Platform 4.21"},{"lang":"en","value":"RHSA-2026:29795: Red Hat OpenShift Container Platform 4.22"},{"lang":"en","value":"RHSA-2026:26090: Red Hat OpenShift Service Mesh 3.3"}],"timeline":[{"lang":"en","time":"2026-05-13T16:03:50.961Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-05-13T14:43:33.342Z","value":"Made public."}],"title":"protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-07-15T02:45:59.169Z"}}]}}