CVE-2026-48517

CVE-2026-48517 affects MessagePack-CSharp (MessagePack for C#). The vulnerability arises because typeless deserialization’s safety check (ThrowIfDeserializingTypeIsDisallowed) only validates the outer type name and does not recursively inspect inner types such as array element types or generic ty...