CVE-2026-0994: Protocol Buffers recursion bypass exposes Python services to stack exhaustion
A medium-severity vulnerability in Google's Protocol Buffers library allows specially crafted nested message structures to bypass the recursion depth protections intended to prevent denial-of-service attacks. The flaw, tracked as CVE-2026-0994, affects google.protobuf.json_format.ParseDict() in protobuf versions up to and including 4.25.8.
The vulnerability stems from insufficient recursion depth accounting within the internal logic that handles google.protobuf.Any messages. The ParseDict() function enforces a max_recursion_depth limit to protect against maliciously nested data, but the Any-handling subroutine fails to increment the recursion counter when processing nested Any structures. This oversight enables attackers to construct deeply nested payloads that bypass the intended safeguard, ultimately exhausting Python's recursion stack and triggering a RecursionError. Proof-of-concept exploits leveraging this weakness could render affected applications unresponsive without triggering the built-in safeguards.
The risk is concentrated in services that deserialize untrusted JSON or dictionary inputs through ParseDict(). API backends, data ingestion pipelines, and any system that validates external data against protobuf schemas face the highest exposure. Attackers do not require authentication to exploit this flaw; they need only the ability to submit specially crafted input to a vulnerable code path. The issue was remediated in protobuf 5.29.6, and organizations using protobuf 4.25.8 or earlier versions should evaluate their dependency trees immediately. Security teams should audit applications that invoke ParseDict() on external or user-supplied data and apply the available patch without delay.
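As an added defensive example (not code from the advisory or from the protobuf project), the following pre-check bounds the container nesting of an already-decoded JSON payload before it is handed to ParseDict(), walking the structure with an explicit stack so the check itself cannot hit Python's recursion limit and counting Any wrappers like any other dict, which is exactly the level the library's own counter misses. The names `max_nesting_depth`, `is_within_depth`, `parse_dict_guarded`, `build_nested` and the type URL `type.googleapis.com/example.Msg` are assumptions; `parse_dict_guarded` additionally assumes protobuf is installed.

```python
from typing import Any, Mapping, Sequence


class NestingTooDeep(ValueError):
    """Raised when a decoded JSON-style payload exceeds the allowed depth."""


def max_nesting_depth(value: Any, limit: int) -> int:
    """Return the dict/list nesting depth of value, aborting once it passes limit.

    Iterative walk (explicit stack), so hostile input cannot make this check
    raise RecursionError. Every container level counts, including Any-style
    wrappers such as {"@type": ..., "value": {...}}, so a payload that slips
    past ParseDict()'s Any handling is still measured here.
    """
    stack = [(value, 1)]
    deepest = 0
    while stack:
        node, depth = stack.pop()
        if isinstance(node, Mapping):
            children = node.values()
        elif isinstance(node, Sequence) and not isinstance(node, (str, bytes)):
            children = node
        else:
            continue  # scalar leaf: contributes no depth
        if depth > limit:
            raise NestingTooDeep(f"payload nesting exceeds {limit} levels")
        deepest = max(deepest, depth)
        stack.extend((child, depth + 1) for child in children)
    return deepest


def is_within_depth(value: Any, limit: int) -> bool:
    """Boolean form of the check, convenient for request validators."""
    try:
        max_nesting_depth(value, limit)
        return True
    except NestingTooDeep:
        return False


def parse_dict_guarded(js_dict: Mapping, message, limit: int = 100):
    """Reject over-deep input, then delegate to ParseDict with the same limit."""
    max_nesting_depth(js_dict, limit)
    from google.protobuf import json_format  # imported lazily (assumed installed)
    return json_format.ParseDict(js_dict, message, max_recursion_depth=limit)


def build_nested(levels: int) -> Any:
    """Constructed sample input: an Any-style wrapper repeated `levels` times."""
    payload: Any = "leaf"
    for _ in range(levels):
        payload = {"@type": "type.googleapis.com/example.Msg", "value": payload}
    return payload
```

Run the check on the decoded dict, not on the raw JSON text, and keep its limit at or below the `max_recursion_depth` you pass to ParseDict() so the two bounds agree.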