HIGH
Protobufjs Project
CVE published 2026-05-13
CVE-2026-44293
CVE-2026-44293 is a vulnerability in Protobufjs, a JavaScript library for working with Protocol Buffers. It allows attacker-controlled code to be emitted into the generated conversion function. The cause is an unsafe expression, derived from the schema-controlled default value of a bytes field, in the JavaScript generated for toObject conversion. A crafted descriptor with a non-string default [truncated]