Bug 2458736 (CVE-2026-5758)
| Summary: | CVE-2026-5758 protocol-buffers-schema: protocol-buffers-schema: Remote code execution via prototype pollution | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | aazores, abarbaro, adudiak, alizardo, cmah, dschmidt, eaguilar, ebaron, erezende, jchui, jhe, jkoehler, jlanda, jolong, kshier, ktsao, lphiri, nboldt, oaljalju, pjindal, psrna, simaishi, smcdonal, stcannon, teagle, yguenane |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in the `protocol-buffers-schema` JavaScript library. This vulnerability, known as prototype pollution, allows an attacker to inject malicious properties into an object's core definition. This could enable an attacker to change how an application behaves, bypass security measures, or cause the application to stop working (Denial of Service). In specific circumstances, this flaw could potentially lead to an attacker running unauthorized code on the system.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2026-04-15 18:01:42 UTC
|