# 22x memory amp DoS in Anthropic's buffa protobuf decoder (CVE-2026-55407)

Anthropic's Rust protobuf library buffa contains a denial-of-service vulnerability (CVE-2026-55407) that allows attackers to trigger excessive memory allocation, up to 22x the input size, via its unknown-field decoder. Endor Labs' AI SAST engine identified the flaw, which affects all messages decoded with `preserve_unknown_fields=true`. Anthropic has acknowledged the issue and is collaborating on a fix.

When I pointed Endor Labs' AI SAST engine at [buffa](https://github.com/anthropics/buffa), Anthropic's Rust protobuf library, it flagged a vulnerable data flow I would not have prioritized from a quick read: an unknown-field decoder that allocates heap in proportion to attacker-controlled wire data. The engine called it a potential denial of service via excessive memory allocation.

The proportional allocation the engine pointed at is real but modest, roughly 2x the input. Following the same function one branch further led to a second sink that amplifies a tiny input into a heap blow-up of about 22x, which is enough to OOM-kill a process whose memory cap sits well above any sane input-size limit.

buffa ships from Anthropic, the same lab that builds frontier models, including the recently released and as-yet-unreleased Mythos and Fable models, so it is about as close to model-assisted, heavily reviewed Rust as you will find. This flaw still shipped, and our AI SAST engine caught it by following the data flow end to end. The Anthropic team responded quickly to the disclosure and engaged in a productive discussion of severity, which depends on deployment. This is a good example of [Endor Labs AI SAST](https://www.endorlabs.com/learn/ai-sast-benchmark-2x-more-real-vulnerabilities) earning its keep on a memory-safe language.
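To make the class of bug concrete, here is an added Rust illustration that is not buffa's code: a decoder for one length-delimited unknown field that reserves the declared wire length before checking the input actually holds it, beside the bounded form a fix would use. Every name in it, the `max_unknown` budget and the constructed inputs are assumptions, and the values asserted assume a 64-bit target; the 2x and 22x figures above come from buffa's real branches, which this sketch does not reproduce.

```rust
// Added illustration (not buffa's code): the declared wire length of an unknown
// length-delimited field driving a Vec allocation, beside the bounded version.
#[derive(Debug, PartialEq)]
pub enum DecodeError { BadVarint, Truncated, TooLarge, OutOfMemory }

/// Protobuf base-128 varint (at most 10 bytes); advances `pos` on success.
fn read_varint(buf: &[u8], pos: &mut usize) -> Result<u64, DecodeError> {
    let mut value = 0u64;
    for shift in (0..64).step_by(7) {
        let byte = *buf.get(*pos).ok_or(DecodeError::BadVarint)?;
        *pos += 1;
        value |= u64::from(byte & 0x7f) << shift;
        if byte & 0x80 == 0 { return Ok(value); }
    }
    Err(DecodeError::BadVarint)
}

/// Vulnerable pattern: reserve the declared length before checking the input holds it,
/// so ~10 bytes of wire data size the heap request (`try_reserve` replaces
/// `Vec::with_capacity` only so the failure is observable instead of an abort).
pub fn preserve_unknown_trusting(buf: &[u8]) -> Result<Vec<u8>, DecodeError> {
    let mut pos = 0;
    let len = usize::try_from(read_varint(buf, &mut pos)?).map_err(|_| DecodeError::Truncated)?;
    let mut out = Vec::new();
    out.try_reserve(len).map_err(|_| DecodeError::OutOfMemory)?;
    let end = pos.checked_add(len).ok_or(DecodeError::Truncated)?;
    out.extend_from_slice(buf.get(pos..end).ok_or(DecodeError::Truncated)?);
    Ok(out)
}

/// Hardened: bound the reservation by the bytes actually present and by a caller
/// budget for preserved unknown fields before touching the allocator.
pub fn preserve_unknown_bounded(buf: &[u8], max_unknown: usize) -> Result<Vec<u8>, DecodeError> {
    let mut pos = 0;
    let len = usize::try_from(read_varint(buf, &mut pos)?).map_err(|_| DecodeError::Truncated)?;
    if len > buf.len() - pos { return Err(DecodeError::Truncated); }
    if len > max_unknown { return Err(DecodeError::TooLarge); }
    Ok(buf[pos..pos + len].to_vec()) // allocation is now <= min(input size, budget)
}

/// Constructed input: varint length prefix + body; `declared` may lie about the body.
pub fn length_delimited(declared: u64, body: &[u8]) -> Vec<u8> {
    let (mut v, mut out) = (declared, Vec::new());
    while v >= 0x80 {
        out.push(((v & 0x7f) as u8) | 0x80);
        v >>= 7;
    }
    out.push(v as u8);
    out.extend_from_slice(body);
    out
}
```

A 13-byte input that declares 2^63 bytes makes the trusting decoder ask the allocator for that much before it has read anything; the bounded decoder rejects it as truncated without allocating.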
The bug is an allocation-budget flaw on a forward-compatibility code path that every buffa-decoded message routes untrusted input through, and the engine found it by following data, not by pattern-matching a dangerous call.

## Affected component

Tracked as [GHSA-f9qc-qg88-7pq5](https://github.com/anthropics/buffa/security/advisories/GHSA-f9qc-qg88-7pq5) / CVE-2026-55407, Moderate (CVSS 4.0: 6.3). Any message decoded from untrusted input using code generated with `preserve_unknown_fields=true` (the default) was affected. The vulnerable code is `decode_unknown_field` in `buffa/src/encoding.rs`.

## How AI SAST identified it

The engine traced a length value parsed from wire data straight into a Vec