protobuf security update

🗓️ 23 Feb 2026 00:00:00Reported by OracleLinuxType

oraclelinux

oraclelinux🔗 linux.oracle.com👁 4 Views

Protobuf security update 3.14.0-17 fixes CVE-2026-0994 for nested Any messages on Unix.

Reporter	Title	Published	Views	Family All 155
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - Monitor Component uses protobuf-4.25.3-cp37-abi3-manylinux2014_x86_64.whl, protobuf-6.33.4-cp39-abi3-manylinux2014_x86_64.whl which is vulnerable to CVE-2026-0994	29 May 202608:54	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities	23 Apr 202617:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands are vulnerable to denial of service (CVE-2026-0994)	15 Apr 202609:45	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak	14 May 202613:52	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in google.protobuf with IBM Fusion, IBM Fusion HCI and Content-Aware Storage.	13 May 202610:55	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for February 2026	26 Feb 202609:40	–	ibm
IBM Security Bulletins	Security Bulletin: A denial-of-service (DoS) vulnerability in google.protobuf.json_format.ParseDict() in Python, affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.	4 May 202614:25	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite uses pyasn1-0.6.1, protobuf-6.33.4-cp39-abi3-manylinux2014_x86_64, urllib3-2.5.0-py3-none-any, database/sql 1.24.4 and weasyprint-67.0-py3-none-any.	3 Mar 202606:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in google.protobuf [CVE-2026-0994]	14 Apr 202614:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source packages.	20 Mar 202616:42	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
oracle linux	9	src	protobuf	3.14.0-17.el9_7	protobuf-3.14.0-17.el9_7.src.rpm
oracle linux	9	src	protobuf	3.14.0-17.el9_7	protobuf-3.14.0-17.el9_7.src.rpm
oracle linux	9	aarch64	protobuf	3.14.0-17.el9_7	protobuf-3.14.0-17.el9_7.aarch64.rpm
oracle linux	9	aarch64	protobuf-compiler	3.14.0-17.el9_7	protobuf-compiler-3.14.0-17.el9_7.aarch64.rpm
oracle linux	9	aarch64	protobuf-devel	3.14.0-17.el9_7	protobuf-devel-3.14.0-17.el9_7.aarch64.rpm
oracle linux	9	aarch64	protobuf-lite	3.14.0-17.el9_7	protobuf-lite-3.14.0-17.el9_7.aarch64.rpm
oracle linux	9	aarch64	protobuf-lite-devel	3.14.0-17.el9_7	protobuf-lite-devel-3.14.0-17.el9_7.aarch64.rpm
oracle linux	9	noarch	python3-protobuf	3.14.0-17.el9_7	python3-protobuf-3.14.0-17.el9_7.noarch.rpm
oracle linux	9	src	protobuf	3.14.0-17.el9_7	protobuf-3.14.0-17.el9_7.src.rpm
oracle linux	9	src	protobuf	3.14.0-17.el9_7	protobuf-3.14.0-17.el9_7.src.rpm

23 Feb 2026 00:00Current

5.3Medium risk

Vulners AI Score5.3

CVSS 48.2

EPSS0.00013

SSVC

protobuf security update cve-2026-0994 nested Any messages unix