LiveActive security incident?Get immediate response
CVE Record

CVE-2026-0994: Denial of Service in Python Protobuf

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.

HighCVSS 8.2Not KEV-listedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

This CVE can let an unauthenticated remote user crash a Python service that parses untrusted protobuf JSON. The issue is availability-focused: deeply nested google.protobuf.Any data can bypass the intended recursion limit and exhaust Python recursion handling. There is no evidence in the provided sources of active exploitation.

Executive priority

Treat this as a high-priority availability risk for services parsing untrusted protobuf JSON. It is not described as data theft or code execution, but exposed services could be crashed until patched or protected.

Technical view

google.protobuf.json_format.ParseDict() in Python Protobuf fails to count recursion depth inside internal Any-handling logic. Nested Any messages can bypass max_recursion_depth, eventually triggering RecursionError. The source bundle lists Python Protobuf versions <=v33.4 as affected and maps the weakness to CWE-674.

Likely exposure

Exposure is most likely in Python applications or APIs that accept untrusted JSON and convert it into protobuf messages using ParseDict(), especially where google.protobuf.Any is supported. Internal-only parsers and systems not using Python Protobuf JSON parsing are less likely exposed.

Exploitation context

The CVSS vector indicates network reachability, low attack complexity, no privileges, and no user interaction, with high vulnerable-system availability impact. The bundle marks KEV as false and provides no cited evidence of exploitation in the wild.

Researcher notes

Focus validation on recursion accounting around Any handling in Python Protobuf JSON parsing. Do not assume all protobuf usage is affected; the provided evidence is specific to ParseDict() and nested Any messages. Exact fixed upstream release details are incomplete in the bundle.

Mitigation direction

  • Inventory Python Protobuf usage, especially json_format.ParseDict() on externally supplied data.
  • Upgrade or patch affected Protobuf packages using vendor guidance and listed Red Hat advisories.
  • Prioritize internet-facing services that parse protobuf JSON with Any message support.
  • Restrict or pre-validate untrusted protobuf JSON inputs where vendor fixes are not yet deployed.

Validation and detection

  • Check dependency manifests and runtime environments for Python Protobuf versions <=v33.4.
  • Search application code for google.protobuf.json_format.ParseDict() handling untrusted request data.
  • Confirm whether exposed protobuf JSON schemas accept google.protobuf.Any fields.
  • Verify applicable Red Hat errata or upstream protobuf guidance has been applied.
Prepared
Confidence
medium
Sources
8

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-674: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2026-0994 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
High
CVSS
8.2 (4.0)
Known Exploited
No
Published

Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

2CVSS vectors
5Timeline events
2ADP providers
20Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: yesTechnical Impact: partial

CVSS vector scores

2 official scores

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
8.2CVSS 4.0HighCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:LGoogle
7.5CVSS 3.1HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H3.93.6redhat-SADP

Vulnerability scoring details

Base CVSS 4.0 score

8.2High
CVSS 4.0 vector shape for CVE-2026-0994Attack VectorAttack ComplexityAttack RequirementsPrivileges RequiredUser InteractionVS ConfidentialityVS IntegrityVS AvailabilitySS ConfidentialitySS IntegritySS Availability

Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Attack Requirements
NonePresent
Privileges Required
NoneLowHigh
User Interaction
NonePassiveActive
VS Confidentiality
HighLowNone
VS Integrity
HighLowNone
VS Availability
HighLowNone
SS Confidentiality
HighLowNone
SS Integrity
HighLowNone
SS Availability
HighLowNone

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. ADP timelineredhat-SADP

    Made public.

  3. CVE publishedCVE Program

    The CVE record was published.

  4. ADP timelineredhat-SADP

    Reported to Red Hat.

  5. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
redhat-SADPpython: protobuf: Protobuf: Denial of Service due to recursion depth bypass
other:Red Hat severity ratingcvssV3_1
  • 2026-01-23T16:02:59.235Z: Reported to Red Hat.
  • 2026-01-23T14:55:16.876Z: Made public.

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
PythonProtobuf<=v33.4unaffected
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-674 · source CWE mapping

CWE mapping pending import

This CVE carries a CWE mapping that will resolve to a full Glexia CWE intelligence page after the official CWE import is complete.