CVE-2026-6409: Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input

Overview

Severity

N/A

Exploit Status

Not Exploited

Patch Tuesday

2026-Apr

Released

2026-04-23

Last Updated

2026-04-30

EPSS Score

0.03% (percentile: 9.4%)

Affected Products (15)

Mariner

• azl3 grpc 1.62.3-1 on Azure Linux 3.0
• cbl2 grpc 1.42.0-11 on CBL Mariner 2.0

Open Source Software

• cbl2 keras 2.11.0-3 on CBL Mariner 2.0
• azl3 mysql 8.0.45-2 on Azure Linux 3.0
• cbl2 mysql 8.0.45-3 on CBL Mariner 2.0
• cbl2 protobuf 3.17.3-5 on CBL Mariner 2.0
• azl3 pytorch 2.2.2-12 on Azure Linux 3.0
• cbl2 pytorch 2.0.0-15 on CBL Mariner 2.0
• cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0
• azl3 tensorflow 2.16.1-11 on Azure Linux 3.0
• azl3 mysql 8.0.46-1 on Azure Linux 3.0
• azl3 protobuf 25.3-6 on Azure Linux 3.0
• azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0
• cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0
• azl3 pytorch 2.2.2-14 on Azure Linux 3.0

Revision History

• 2026-04-23: Information published.
• 2026-04-24: Information published.
• 2026-04-29: Information published.
• 2026-04-30: Information published.