Is CVE-2026-44295 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-44295 is not currently listed in the CISA KEV catalog.

Vulnerability intelligence

CVE-2026-44295

A critical RCE chain in protobuf.js — used across Node.js frameworks — turns schema definitions into arbitrary code execution. Exploit code is public.

2026

What WebPulse reported · 1 analysis

220 Million Monthly Downloads. Six Vulnerabilities. The protobuf.js Supply Chain.

A critical RCE chain in protobuf.js — used across Node.js frameworks — turns schema definitions into arbitrary code execution. Exploit code is public.

June 11, 2026

View CVE-2026-44295 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-9082 CVE-2026-8206 CVE-2026-48019 CVE-2026-35273 CVE-2026-11645 CVE-2026-8181 CVE-2026-47291 CVE-2026-45657