debian · CVE-2026-6409

Quick triage

Priority: not yet assigned Published: Updated: Sat, 11 Jul 2026 04:09:25 GMT

View at Official debian advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2026-6409 not yet assigned priority: Debian including 1 source packages (protobuf), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): open 3, resolved 2.

Description:

A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability.

cvelogic Threat Intelligence