1. CVE-2026-0994: Protocol Buffers recursion bypass exposes Python services to stack exhaustion
A medium-severity vulnerability in Google's Protocol Buffers library allows specially crafted nested message structures to bypass the recursion depth protections intended to prevent denial-of-service attacks. The flaw, tracked as CVE-2026-0994, affects google.protobuf.json_format.ParseDict() in protobuf versions up to ...