CVE-2026-0994: Denial of Service in Python Protobuf
A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages.
Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.
Security readout for executives and security teams
Plain-English summary
This CVE can let an unauthenticated remote user crash a Python service that parses untrusted protobuf JSON. The issue is availability-focused: deeply nested google.protobuf.Any data can bypass the intended recursion limit and exhaust Python recursion handling. There is no evidence in the provided sources of active exploitation.
Executive priority
Treat this as a high-priority availability risk for services parsing untrusted protobuf JSON. It is not described as data theft or code execution, but exposed services could be crashed until patched or protected.
Technical view
google.protobuf.json_format.ParseDict() in Python Protobuf fails to count recursion depth inside internal Any-handling logic. Nested Any messages can bypass max_recursion_depth, eventually triggering RecursionError. The source bundle lists Python Protobuf versions <=v33.4 as affected and maps the weakness to CWE-674.
Likely exposure
Exposure is most likely in Python applications or APIs that accept untrusted JSON and convert it into protobuf messages using ParseDict(), especially where google.protobuf.Any is supported. Internal-only parsers and systems not using Python Protobuf JSON parsing are less likely exposed.
Exploitation context
The CVSS vector indicates network reachability, low attack complexity, no privileges, and no user interaction, with high vulnerable-system availability impact. The bundle marks KEV as false and provides no cited evidence of exploitation in the wild.
Researcher notes
Focus validation on recursion accounting around Any handling in Python Protobuf JSON parsing. Do not assume all protobuf usage is affected; the provided evidence is specific to ParseDict() and nested Any messages. Exact fixed upstream release details are incomplete in the bundle.
Mitigation direction
Inventory Python Protobuf usage, especially json_format.ParseDict() on externally supplied data.
Upgrade or patch affected Protobuf packages using vendor guidance and listed Red Hat advisories.
Prioritize internet-facing services that parse protobuf JSON with Any message support.
Restrict or pre-validate untrusted protobuf JSON inputs where vendor fixes are not yet deployed.
Validation and detection
Check dependency manifests and runtime environments for Python Protobuf versions <=v33.4.
Search application code for google.protobuf.json_format.ParseDict() handling untrusted request data.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-674: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.