CVE-2026-6409: Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input

Overview

Severity

N/A

Exploit Status

Not Exploited

Patch Tuesday

2026-Apr

Released

2026-04-23

EPSS Score

0.09% (percentile: 25.3%)

Affected Products (13)

Other

• 17664-17084
• 20026-17086
• 21156-17084
• 21155-17086
• 21233-17086
• 17868-17086
• 21232-17084

Open Source Software

• azl3 pytorch 2.2.2-12 on Azure Linux 3.0
• cbl2 pytorch 2.0.0-15 on CBL Mariner 2.0
• cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0
• azl3 tensorflow 2.16.1-11 on Azure Linux 3.0
• azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0
• cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0

Revision History

• 2026-04-23: Information published.