Track CVE-2026-0994: protobuf JSON recursion depth bypass #60
Description
CVE-2026-0994: protobuf JSON Recursion Depth Bypass
Status: PATCH AVAILABLE - Ready to Upgrade
| Field | Value |
|---|---|
| CVE | CVE-2026-0994 |
| Severity | HIGH (CVSS 8.2) |
| Type | Denial of Service (DoS) |
| Current Version | 5.29.5 (AFFECTED) |
| Patched Version | 6.33.5 (available on PyPI) |
| Published | 2026-01-23 |
Vulnerability Details
A denial-of-service vulnerability in google.protobuf.json_format.ParseDict() allows attackers to bypass the max_recursion_depth limit using deeply nested Any messages, causing RecursionError and crashing the Python process.
How It Enters AgentOS
Transitive dependency via Google API packages for Gemini integration:
- google-api-core
- googleapis-common-protos
- grpcio-status
- proto-plus
Risk Assessment: MEDIUM-HIGH
| Factor | Assessment |
|---|---|
| Exploitability | Requires attacker to control JSON being parsed |
| AgentOS exposure | We use protobuf for outbound Gemini API calls, not parsing untrusted input |
| Impact if exploited | DoS (crash), not data breach or RCE |
| Upgrade risk | Major version jump (5.x → 6.x) - potential breaking changes |
Recommendation: Upgrade with Full Regression
Protocol (Dependabot-style):
# 1. Create worktree
git worktree add ../AgentOS-60 -b 60-protobuf-cve-patch
cd ../AgentOS-60
git push -u origin HEAD
# 2. Upgrade protobuf
poetry add protobuf@^6.33.5
# 3. Run full regression
poetry run pytest tests/ -v
# 4. If tests pass, create PR
# If tests fail, document breaking changesBreaking Change Risk
The 5.x → 6.x upgrade may affect:
- Message serialization format
- Field access patterns
- API compatibility with google-api-core, grpcio-status
Mitigation: Run full regression. If failures occur, they will likely be in Gemini integration tests.
Acceptance Criteria
- Upgrade protobuf to ≥6.33.5
- Full regression tests pass
- Document any breaking changes encountered
- Verify Gemini API calls still work (run workflow with --mock or live test)