CVE-2026-54271 - protobufjs-cli JSON descriptor code injection
CVE-2026-54271 affects protobufjs-cli static and static-module code
generation from pre-parsed JSON descriptors. Unsafe name handling remained
reachable after a prior fix, so crafted descriptor names can still inject
attacker-controlled JavaScript into generated output. The common path of
parsing .proto files directly is not affected.
This is a build-pipeline vulnerability. Exposure exists when a repository runs
pbjs against attacker-influenced JSON descriptors and later executes or
imports the generated JavaScript.
When to use it
Use this recipe when a JavaScript/TypeScript repository uses protobufjs-cli
or pbjs to generate static JavaScript from schema inputs, especially when
JSON descriptors can come from third parties, CI artifacts, plugins,
marketplace packages, uploaded schemas, tenant configuration, or agent-created
bundles. It is a generated-code and build-pipeline recipe, not a generic
protobuf runtime issue.
Use it to upgrade the codegen tool and isolate or reject untrusted descriptors. Do not use it to generate or execute injected JavaScript.
Inputs
- npm manifests, lockfiles, workspaces, Dockerfiles, generated dependency
reports, SBOMs, build scripts, codegen jobs, generated artifacts, and cached
generated files that reference
protobufjs-cli. pbjscommand lines, static/static-module generation modes, descriptor sources, generated output paths, and import/execution points for generated JavaScript.- Provenance of schema inputs: trusted
.proto, checked-in JSON descriptor, CI artifact, plugin/extension package, user upload, tenant schema, model or agent generated descriptor, or third-party bundle. - Isolation and credential context for codegen jobs: release tokens, package publish credentials, CI secrets, network access, and artifact signing keys.
- Regression fixtures that reject unsafe descriptor-name shapes without producing executable payload output.
Affected versions
| Package | Vulnerable versions | Fixed versions |
|---|---|---|
protobufjs-cli |
<= 1.3.1 |
1.3.2+ |
protobufjs-cli |
>= 2.0.0, <= 2.4.2 |
2.5.0+ |
This is a bypass of GHSA-6r35-46g8-jcw9 / CVE-2026-44295.
Indicator-of-exposure
- The repository resolves affected
protobufjs-cliversions. - Build scripts run
pbjsinstaticorstatic-modulemode. - Input comes from JSON descriptors rather than trusted
.protosources. - Descriptor names can be influenced by third parties, imported bundles, CI artifacts, plugins, or tenant-controlled schema uploads.
Quick checks:
rg -n "pbjs|protobufjs-cli|static-module|static\\b|json descriptor|\\.json" .
npm ls protobufjs-cli
pnpm why protobufjs-cli
yarn why protobufjs-cli
Do not run affected pbjs versions on crafted untrusted JSON descriptors.
Remediation strategy
- Upgrade
protobufjs-clito1.3.2+or2.5.0+. - Prefer generating from trusted
.protofiles instead of accepting pre-parsed JSON descriptors from untrusted sources. - If JSON descriptor input must remain, validate descriptor-derived names against a strict allow-list before code generation.
- Run code generation in an isolated environment with no release or deployment credentials.
The prompt
Model context: this prompt was generated by GPT 5.5 Extra High reasoning.
You are remediating CVE-2026-54271 / GHSA-pr59-h9ph-3fr8, a `protobufjs-cli`
code-generation flaw where crafted JSON descriptor names can inject code into
generated JavaScript. Produce exactly one output:
- A reviewer-ready PR/change request that upgrades `protobufjs-cli`, removes or
validates untrusted JSON descriptor flows, adds safe regression checks, and
documents operator follow-up, or
- TRIAGE.md if this repository does not control an affected `pbjs` codegen
path.
## Rules
- Scope only CVE-2026-54271 and directly related `pbjs` static generation.
- Treat build artifacts, generated code, schema bundles, release tokens, and CI
credentials as sensitive.
- Do not generate live injected output from crafted descriptors.
- Do not auto-merge.
## Steps
1. Inventory every `protobufjs-cli` dependency, build script, codegen job, and
generated artifact controlled here.
2. Determine whether any resolved version is in the affected ranges.
3. Search for `pbjs` static or static-module generation and whether input comes
from JSON descriptors or trusted `.proto` files.
4. If no controlled affected path exists, stop with `TRIAGE.md`.
5. Upgrade `protobufjs-cli` to a fixed version and refresh lockfiles and
generated dependency artifacts.
6. Replace untrusted JSON descriptor inputs with trusted `.proto` inputs where
practical.
7. Where JSON descriptors remain necessary, validate descriptor-derived names
before code generation and isolate the codegen environment.
8. Add safe regression checks that assert fixed versions and reject unsafe
descriptor-name shapes without generating executable payloads.
9. Add a PR body section named `CVE-2026-54271 operator actions` covering
versions before and after, whether JSON descriptor inputs remain, and what
isolation or validation controls were added.
10. Run relevant validation: package install, codegen, tests, linting, and
dependency/security scans.
11. Use PR title:
`fix(sec): remediate CVE-2026-54271 in protobufjs-cli`.
## Stop conditions
- No affected `protobufjs-cli` code generation path is controlled here.
- Validation would require generating or executing injected code.
- Code generation is owned by another build platform outside this repository.
Verification - what the reviewer looks for
- No controlled install resolves an affected
protobufjs-cliversion. - Untrusted JSON descriptors no longer flow directly into static code generation without validation or isolation.
- Regression checks cover the bypass class from
CVE-2026-44295.
Watch for
- Fixing the package version but leaving cached generated files created by the vulnerable toolchain.
- Assuming
.proto-only safety while another pipeline still consumes JSON. - Running code generation in privileged CI jobs with publish credentials.
Output contract
Return one of:
- A reviewer-ready PR/change request that upgrades
protobufjs-clito1.3.2+or2.5.0+, replaces or validates untrusted JSON descriptor flows, refreshes cached generated artifacts, isolates codegen from release credentials, adds safe regression checks, and documents operator follow-up. TRIAGE.mdwhen no controlled affectedprotobufjs-clidependency,pbjsstatic generation path, JSON descriptor input, or generated artifact exists.
The output must list versions before/after, codegen commands in scope, whether JSON descriptors remain, descriptor provenance, generated artifacts refreshed, isolation controls, validation commands, and any build-platform owner actions. It must not generate live injected output, execute generated payloads, expose schema secrets or CI credentials, or leave vulnerable cached generated files in place.
Related recipes
- Source-code injection sink audit
- Source-code supply chain build integrity audit
- CVE-2026-48054 - OpenZeppelin Wizard generated test code injection
References
- GitHub Advisory Database: https://github.com/advisories/GHSA-pr59-h9ph-3fr8
- Related bypass antecedent: https://github.com/advisories/GHSA-6r35-46g8-jcw9