securityonline.info 1/27/2026, 3:00:57 AM · via preferred

High-Severity DoS Flaw Hits Google Protocol Buffers (CVE-2026-0994)

CyberSIXT evidence panel: CISA KEV status: not in KEV. Patch status: unknown.

A high-severity vulnerability, tracked as CVE-2026-0994, has been identified in Google’s Protocol Buffers (protobuf). It affects the Python implementation and enables a denial-of-service (DoS) attack that can crash services. The flaw lies in the google.protobuf.json_format.ParseDict() function, which is supposed to enforce a max_recursion_depth limit to stop the parsing of deeply nested structures but fails to do so when handling the google.protobuf.Any message type.

The internal helper _ConvertAnyMessage() processes embedded messages without incrementing or decrementing the recursion depth counter, so Any messages nested inside other Any messages recurse without ever being counted against the depth limit. Parsing therefore continues until the Python interpreter’s hard recursion limit is reached, raising a RecursionError that can immediately disrupt the service.

To close the loophole, the parsing logic must enforce max_recursion_depth consistently for all message types, including nested Any, or _ConvertAnyMessage() must be patched to adjust the depth counter correctly. The article notes the impact on services that parse untrusted JSON input containing Any messages.
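Until the library-level fix is in place, a service can refuse over-deep input before it ever reaches the message parser. The following is an added example, not code from the advisory or from the protobuf project: a library-agnostic nesting-depth guard applied to untrusted JSON ahead of a call such as json_format.ParseDict(). The helper names (nesting_depth, load_bounded_json, is_within_depth), the default limit of 32 and the sample inputs are all constructed for this illustration. The guard walks the decoded object with an explicit stack rather than recursion, so it cannot itself be driven into a RecursionError by the input it is checking, and a RecursionError raised by json.loads on extremely deep input is mapped to the same controlled exception.

```python
import json


class DepthLimitExceeded(ValueError):
    """Raised when decoded JSON nests deeper than the configured limit."""


def nesting_depth(obj, max_depth=None):
    """Return the container nesting depth of a decoded JSON value.

    Each dict or list level counts as one; scalars count as zero. The walk
    uses an explicit stack instead of recursion, so the guard itself cannot
    raise RecursionError on hostile input. When max_depth is given, the walk
    stops at the first container beyond that depth and raises
    DepthLimitExceeded.
    """
    deepest = 0
    stack = [(obj, 1)]  # (value, depth this value occupies if it is a container)
    while stack:
        value, depth = stack.pop()
        if isinstance(value, dict):
            children = value.values()
        elif isinstance(value, list):
            children = value
        else:
            continue  # scalars add no depth
        if max_depth is not None and depth > max_depth:
            raise DepthLimitExceeded(
                f"JSON nesting depth exceeds limit of {max_depth}")
        deepest = max(deepest, depth)
        for child in children:
            stack.append((child, depth + 1))
    return deepest


def load_bounded_json(text, max_depth=32):
    """Decode untrusted JSON text and enforce max_depth before returning it.

    The returned object is what would be handed to a message-level parser
    (for protobuf, json_format.ParseDict); the caller never sees input that
    nests deeper than max_depth. json.loads is itself recursive, so a
    RecursionError from the decoder on extremely deep input is converted to
    the same controlled exception rather than escaping as a crash.
    """
    try:
        obj = json.loads(text)
    except RecursionError as exc:
        raise DepthLimitExceeded("JSON too deeply nested to decode") from exc
    nesting_depth(obj, max_depth=max_depth)
    return obj


def is_within_depth(text, max_depth=32):
    """Boolean form of load_bounded_json for use in request validation."""
    try:
        load_bounded_json(text, max_depth=max_depth)
    except DepthLimitExceeded:
        return False
    return True


# Constructed sample inputs (not from the advisory): a shallow document in the
# JSON shape of an Any message, and a document nested 200 levels deep, which
# the default limit of 32 rejects.
SHALLOW = '{"@type": "type.googleapis.com/example.Msg", "value": {"n": 1}}'
DEEP = "[" * 200 + "]" * 200

if __name__ == "__main__":
    print("shallow accepted:", is_within_depth(SHALLOW))  # True
    print("deep accepted:   ", is_within_depth(DEEP))     # False
```

The limit is enforced on the raw JSON structure, so it holds regardless of which message types the downstream parser counts toward its own depth budget; pick a max_depth that comfortably covers your legitimate schemas and log rejections, since a spike in DepthLimitExceeded on a given endpoint is a useful detection signal.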


Article by CyberSIXT