Skip to content

Update protobuf due to CVE-2026-0994 #15498

New issue
New issue
Open
Open
Update protobuf due to CVE-2026-0994#15498
Labels
triage meI really want to be triaged.type: bugError or flaw in code with unintended results or allowing sub-optimal usage patterns.
@claudiahoogwerf

Description

@claudiahoogwerf
claudiahoogwerf
opened on Feb 2, 2026

Determine this is the right repository

  • I determined this is the correct repository in which to report this bug.

Summary of the issue

A new vulernability is found in the protobuf package :
https://nvd.nist.gov/vuln/detail/CVE-2026-0994

its fixed in version 6.33.5 .

Can we make this the minimum version of protobuf in googleapis-common-protos? (This will then also remove all the exclude 4.x versions in that line.)

Metadata

Metadata

Assignees

No one assigned

    Labels

    triage meI really want to be triaged.type: bugError or flaw in code with unintended results or allowing sub-optimal usage patterns.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions