CVE-2026-4746 — Out-of-bounds Write in Proton

CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

10.0CRITICALNVD

EPSS

0.1%

top 82.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeplus-io Proton Msrc Azl3 Boost 1.83.0-2 ON Azure Linux 3.0 Msrc Azl3 Ceph 18.2.2-12 ON Azure Linux 3.0 +13 more

Timeline

PublishedMar 24

Description

Out-of-bounds Write vulnerability in timeplus-io proton (base/poco/Foundation/src‎ modules). This vulnerability is associated with program files inflate.C. This issue affects proton: before 1.6.16.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N

Affected Packages16 packages

▶CVEListV5timeplus-io/proton< 1.6.16

▶msrcmsrc/cbl2_qt5-qtbase_5.12.11-19_on_cbl_mariner_2.0

▶msrcmsrc/cbl2_nss_3.75-2_on_cbl_mariner_2.0

▶msrcmsrc/cbl2_gdb_11.2-10_on_cbl_mariner_2.0

▶msrcmsrc/azl3_gcc_13.2.0-7_on_azure_linux_3.0

🔴Vulnerability Details

GHSA

GHSA-ch4h-8w5c-3g8g: Out-of-bounds Write vulnerability in timeplus-io proton (base/poco/Foundation/src‎ modules)↗2026-03-24

▶

📋Vendor Advisories

Microsoft

Heap Buffer Over-Write Vulenrabilty in timeplus-io/proton↗2026-03-10

▶

🕵️Threat Intelligence

Wiz

CVE-2026-4746 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶