📦

protobufjs-cli

Vendor: protobufjs_project

Actively Exploited 0 CISA KEV List

PoC / Exploits 1 Code Available

Total RCEs 2 Remote Access

Total CVEs 2 Total Indexed

Avg. EPSS 0.18% Exploit Prob.

Latest CVE CVE-2026-44295 May 13

Security Vulnerability Index

Page 1 / 1

8.7 CVSS

CVE-2026-44295

RCE Exploit Found

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum, service, or derived full names could be written into the generated output without sufficient sanitization. This vulnerability is fixed in 1.2.1 and 2.0.2.

EPSS: 0.22%

Severity: HIGH

May 13, 2026

7.8 CVSS

CVE-2026-42290

RCE

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through child_process.exec. File paths containing shell metacharacters could therefore be interpreted by the shell instead of being passed to JSDoc as plain arguments. This vulnerability is fixed in 1.2.1 and 2.0.2.

EPSS: 0.13%

Severity: HIGH

May 13, 2026

Displaying 2 of 2 Total Entries

Total 1 Sections