HIGH
square
CVE published 2026-07-17
CVE-2026-45799
A vulnerability was found in Wire gRPC and protocol buffers for Android, Kotlin, Swift, and Java. Prior to versions 6.3.0 and 7.0.0-alpha03, the ByteArrayProtoReader32.skipGroup() and ProtoReader.skipGroup() methods in wire-runtime do not validate that a LENGTH_DELIMITED field length is non-negative before skip(), which can lead to an ArrayIndexOutOfBoundsException. This vulnerability has a CVSS score of [truncated]