Linux Distros Unpatched Vulnerability : CVE-2026-41242

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - protobufjs compiles protobuf definitions into JavaScript JS functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the type...

CVE-2026-41242 vulnerabilities

Vulnerabilities for packages: pulumi, renovate, jitsucom-jitsu, vitess, kubeflow-centraldashboard, langfuse...

CVE-2026-41242 vulnerabilities

Vulnerabilities for packages: kubeflow-centraldashboard, vitess, gemini-cli, opentelemetry-auto-instrumentations-node, jitsucom-jitsu, kibana, langfuse, langfuse-fips, librechat, pulumi, renovate...

CVE-2026-41242

protobufjs compiles protobuf definitions into JavaScript JS functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the...

CVE-2026-41242

protobufjs compiles protobuf definitions into JavaScript JS functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the...

CVE-2026-41242

creationtimestamp| type| source ---|---|--- 2026-04-17 04:00:00+00:00| published-proof-of-concept| https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-xq3m-2v4x-88gg 2026-04-18 19:15:08+00:00| published-proof-of-concept| Telegram/x12vbbUj9eUCE8CmwEAAyNGNCB8MsPtTe6lQq2voLeHmZk...

org.webjars.npm:bazel__typescript (=1.7.0), org.webjars.npm:cesium (>=1.96.0 <=1.137.0) +8 more potentially affected by CVE-2026-41242 via org.webjars.npm:protobufjs (>=6.8.8 <=8.0.0)

org.webjars.npm:protobufjs MAVEN version =6.8.8, =1.96.0, =1.0.0, =1.0.0, =10.13.0, =4.7.0, =0.3.35, =1.7.3, =0.7.13, =0.7.15 Source cves: CVE-2026-41242 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16094666...

10minions-engine (>=0.0.1 <=0.0.4), @0xr404/lol404 (>=1.1.0 <=1.1.6) +3322 more potentially affected by CVE-2026-41242 via protobufjs (>=7.0.0 <=7.5.4)

protobufjs NPM version =7.0.0, =0.0.1, =1.1.0, =1.0.1-beta.0, =0.0.2-beta.0, =1.0.0, =1.5.10, =0.10.1, =1.1.0, =6.0.0, =2.0.2, =3.3.2 and more Source cves: CVE-2026-41242 Source advisory: SNYK:JS-PROTOBUFJS-16094665...

-temp-electron-manager-somiibo (=0.0.200), 0xpass (>=0.0.2 <=0.0.8) +22910 more potentially affected by CVE-2026-41242 via protobufjs (>=2.0.4 <=7.5.4)

protobufjs NPM version =2.0.4, =0.0.2, =0.0.1, =1.0.0, =1.0.1, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =2.0.0, =1.0.0-alpha.3, =1.0.0, =0.0.1, =0.0.1, =0.1.5 and more Source cves: CVE-2026-41242 Source advisory: OSV:GHSA-XQ3M-2V4X-88GG...

2mxdev-gql-gateway (=1.0.0), 4m-node-server (>=0.0.1 <=0.0.8) +2879 more potentially affected by CVE-2026-41242 via @apollo/protobufjs (>=1.1.0 <=1.2.7)

@apollo/protobufjs NPM version =1.1.0, =0.0.1, =1.0.2, =3.10.1, =1.2.0-pre.24, =1.0.1, =1.0.0, =1.0.0, =0.5.0, =1.0.0, =0.0.1, =0.1.1, =0.0.1, =1.0.7, =1.0.17 and more Source cves: CVE-2026-41242 Source advisory: SNYK:JS-APOLLOPROTOBUFJS-16321047...

@0xchain/telemetry (>=1.1.0-beta.8 <=1.1.0-beta.18), @42zeroo/tescik (>=1.0.0 <=1.1.1963) +677 more potentially affected by CVE-2026-41242 via protobufjs (=8.0.0)

protobufjs NPM version =8.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on protobufjs and may be impacted: - @0xchain/telemetry =1.1.0-beta.8, =1.0.0, =1.1.4, =0.3.1, =0.3.1, =0.7.1, =0.7.0, =0.6.0, =0.8.0 - @adaptic/backend-legacy =0.0.941 and more...