CVE-2026-0994HIGHCVSS 8.2v<=v33.42026-01-23
CVE-2026-0994 [HIGH] CWE-674 CVE-2026-0994: A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python,
A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages.
Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the i
cvelistv5nvd