
Anthropic buffa Library Hit by Zero-Day DoS Flaw in Rust Protobuf Decoder
A denial-of-service vulnerability in buffa, Anthropic’s Rust protobuf library, shows that even memory-safe code from a frontier AI lab isn’t immune to allocation-budget flaws. Tracked as CVE-2026-55407 (CVSS 4.0: 6.3, Moderate), the bug was uncovered by Endor Labs’ AI SAST engine, which traced attacker-controlled wire data through an unbounded allocation path rather than relying on […]
The post Anthropic buffa Library Hit by Zero-Day DoS Flaw in Rust Protobuf Decoder appeared first on Cyber Security News.