PatchSiren

square CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH square CVE published 2026-07-17

CVE-2026-45799

A vulnerability was found in Wire gRPC and protocol buffers for Android, Kotlin, Swift, and Java. Prior to versions 6.3.0 and 7.0.0-alpha03, the ByteArrayProtoReader32.skipGroup() and ProtoReader.skipGroup() methods in wire-runtime do not validate that a LENGTH_DELIMITED field length is non-negative before skip(), which can lead to an ArrayIndexOutOfBoundsException. This vulnerability has a CVSS score of [truncated]