CVE-2026-54271 - protobufjs-cli JSON descriptor code injection

CVE-2026-54271 affects protobufjs-cli static and static-module code generation from pre-parsed JSON descriptors. Unsafe name handling remained reachable after a prior fix, so crafted descriptor names can still inject attacker-controlled JavaScript into generated output. The common path of parsing .proto files directly is not affected.

This is a build-pipeline vulnerability. Exposure exists when a repository runs pbjs against attacker-influenced JSON descriptors and later executes or imports the generated JavaScript.

When to use it

Use this recipe when a JavaScript/TypeScript repository uses protobufjs-cli or pbjs to generate static JavaScript from schema inputs, especially when JSON descriptors can come from third parties, CI artifacts, plugins, marketplace packages, uploaded schemas, tenant configuration, or agent-created bundles. It is a generated-code and build-pipeline recipe, not a generic protobuf runtime issue.

Use it to upgrade the codegen tool and isolate or reject untrusted descriptors. Do not use it to generate or execute injected JavaScript.

Inputs

  • npm manifests, lockfiles, workspaces, Dockerfiles, generated dependency reports, SBOMs, build scripts, codegen jobs, generated artifacts, and cached generated files that reference protobufjs-cli.
  • pbjs command lines, static/static-module generation modes, descriptor sources, generated output paths, and import/execution points for generated JavaScript.
  • Provenance of schema inputs: trusted .proto, checked-in JSON descriptor, CI artifact, plugin/extension package, user upload, tenant schema, model or agent generated descriptor, or third-party bundle.
  • Isolation and credential context for codegen jobs: release tokens, package publish credentials, CI secrets, network access, and artifact signing keys.
  • Regression fixtures that reject unsafe descriptor-name shapes without producing executable payload output.

Affected versions

Package Vulnerable versions Fixed versions
protobufjs-cli <= 1.3.1 1.3.2+
protobufjs-cli >= 2.0.0, <= 2.4.2 2.5.0+

This is a bypass of GHSA-6r35-46g8-jcw9 / CVE-2026-44295.

Indicator-of-exposure

  • The repository resolves affected protobufjs-cli versions.
  • Build scripts run pbjs in static or static-module mode.
  • Input comes from JSON descriptors rather than trusted .proto sources.
  • Descriptor names can be influenced by third parties, imported bundles, CI artifacts, plugins, or tenant-controlled schema uploads.

Quick checks:

rg -n "pbjs|protobufjs-cli|static-module|static\\b|json descriptor|\\.json" .
npm ls protobufjs-cli
pnpm why protobufjs-cli
yarn why protobufjs-cli

Do not run affected pbjs versions on crafted untrusted JSON descriptors.

Remediation strategy

  • Upgrade protobufjs-cli to 1.3.2+ or 2.5.0+.
  • Prefer generating from trusted .proto files instead of accepting pre-parsed JSON descriptors from untrusted sources.
  • If JSON descriptor input must remain, validate descriptor-derived names against a strict allow-list before code generation.
  • Run code generation in an isolated environment with no release or deployment credentials.

The prompt

Model context: this prompt was generated by GPT 5.5 Extra High reasoning.

You are remediating CVE-2026-54271 / GHSA-pr59-h9ph-3fr8, a `protobufjs-cli`
code-generation flaw where crafted JSON descriptor names can inject code into
generated JavaScript. Produce exactly one output:

- A reviewer-ready PR/change request that upgrades `protobufjs-cli`, removes or
  validates untrusted JSON descriptor flows, adds safe regression checks, and
  documents operator follow-up, or
- TRIAGE.md if this repository does not control an affected `pbjs` codegen
  path.

## Rules

- Scope only CVE-2026-54271 and directly related `pbjs` static generation.
- Treat build artifacts, generated code, schema bundles, release tokens, and CI
  credentials as sensitive.
- Do not generate live injected output from crafted descriptors.
- Do not auto-merge.

## Steps

1. Inventory every `protobufjs-cli` dependency, build script, codegen job, and
   generated artifact controlled here.
2. Determine whether any resolved version is in the affected ranges.
3. Search for `pbjs` static or static-module generation and whether input comes
   from JSON descriptors or trusted `.proto` files.
4. If no controlled affected path exists, stop with `TRIAGE.md`.
5. Upgrade `protobufjs-cli` to a fixed version and refresh lockfiles and
   generated dependency artifacts.
6. Replace untrusted JSON descriptor inputs with trusted `.proto` inputs where
   practical.
7. Where JSON descriptors remain necessary, validate descriptor-derived names
   before code generation and isolate the codegen environment.
8. Add safe regression checks that assert fixed versions and reject unsafe
   descriptor-name shapes without generating executable payloads.
9. Add a PR body section named `CVE-2026-54271 operator actions` covering
   versions before and after, whether JSON descriptor inputs remain, and what
   isolation or validation controls were added.
10. Run relevant validation: package install, codegen, tests, linting, and
    dependency/security scans.
11. Use PR title:
    `fix(sec): remediate CVE-2026-54271 in protobufjs-cli`.

## Stop conditions

- No affected `protobufjs-cli` code generation path is controlled here.
- Validation would require generating or executing injected code.
- Code generation is owned by another build platform outside this repository.

Verification - what the reviewer looks for

  • No controlled install resolves an affected protobufjs-cli version.
  • Untrusted JSON descriptors no longer flow directly into static code generation without validation or isolation.
  • Regression checks cover the bypass class from CVE-2026-44295.

Watch for

  • Fixing the package version but leaving cached generated files created by the vulnerable toolchain.
  • Assuming .proto-only safety while another pipeline still consumes JSON.
  • Running code generation in privileged CI jobs with publish credentials.

Output contract

Return one of:

  • A reviewer-ready PR/change request that upgrades protobufjs-cli to 1.3.2+ or 2.5.0+, replaces or validates untrusted JSON descriptor flows, refreshes cached generated artifacts, isolates codegen from release credentials, adds safe regression checks, and documents operator follow-up.
  • TRIAGE.md when no controlled affected protobufjs-cli dependency, pbjs static generation path, JSON descriptor input, or generated artifact exists.

The output must list versions before/after, codegen commands in scope, whether JSON descriptors remain, descriptor provenance, generated artifacts refreshed, isolation controls, validation commands, and any build-platform owner actions. It must not generate live injected output, execute generated payloads, expose schema secrets or CI credentials, or leave vulnerable cached generated files in place.

References