Improper input validation in Protocol Buffers Protobuf-php (Pecl)

CVE-2026-6409

A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the app…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.000 (9.4th percentile) — read the EPSS interpretation.