Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

CVE
CVEadded yesterday43 views

CVE-2026-48109

CVE-2026-48109 affects MessagePack-CSharp in the optional LZ4 decompression path (Lz4Block, Lz4BlockArray). The vulnerability stems from a deprecated fast-decompression algorithm that does not enforce a source-length bound, enabling a remote attacker to craft payloads with manipulated LZ4 token/l...

8.2CVSS5.9AI score0.00121EPSS
Exploits0References1
EUVD
EUVDadded yesterday5 views

EUVD-2026-38389

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePackReader.ReadDateTime can allocate stack memory based on an attacker-controlled MessagePack extension length. In the slow path for timestamp extension parsing, the computed tokenSize includes the extension...

8.2CVSS5.9AI score
Exploits0References1
CVE
CVEadded yesterday8 views

CVE-2026-48506

The CVE-2026-48506 entry concerns MessagePack-CSharp: MessagePackReader.TrySkip() can recurse without incrementing depth checks, bypassing MaximumObjectGraphDepth and risking unbounded recursion leading to StackOverflow. Affected: MessagePack-CSharp (reader Skip usage in nested arrays/maps). Root...

7.5CVSS5.8AI score
Exploits0References1
CVE
CVEadded yesterday8 views

CVE-2026-48509

The CVE affects MessagePack-CSharp (ASP.NET Core) where the default parameterless MessagePackInputFormatter() uses MessagePackSerializerOptions.Standard with MessagePackSecurity.TrustedData, exposing ASP.NET Core MVC request bodies to DoS likely via UntrustedData protections. Affected versions: M...

6.3CVSS5.7AI score
Exploits0References1
CVE
CVEadded yesterday8 views

CVE-2026-48512

CVE-2026-48512 affects MessagePack-CSharp’s JSON conversion helpers. Before versions 2.5.301 and 3.1.7, ConvertFromJsonCore and related paths can recurse without enforcing a consistent depth limit, and TinyJsonReader can parse tokens with unbounded recursion. The typeless ext-100 path also recurs...

6.3CVSS5.8AI score
Exploits0References1
CVE
CVEadded yesterday4 views

CVE-2026-48515

MessagePack-CSharp (MessagePack for C#) contains a vulnerability in its multi-dimensional array formatters that allocate a T[,], T[,,], or T[,,,] before validating the encoded element count. Prior to versions 2.5.301 and 3.1.7, the formatter reads dimension lengths from the payload and allocates ...

6.3CVSS5.9AI score
Exploits0References1
CVE
CVEadded yesterday4 views

CVE-2026-48517

CVE-2026-48517 affects MessagePack for C# where typeless deserialization does not recursively inspect array element types or generic type arguments, allowing a type that is blocked directly to slip through when wrapped in an array or a constructed generic type. The default safety check (ThrowIfDe...

6.3CVSS5.9AI score
Exploits0References1
Positive Technologies
Positive Technologiesadded 2024/10/17 12:0 a.m.5 views

PT-2024-33272 · Unknown · Messagepack-Csharp

Name of the Vulnerable Software and Affected Versions: MessagePack-CSharp versions prior to 2.5.187 and 3.0.214 Description: The vulnerability occurs when the library is used to deserialize messagepack data from an untrusted source, leading to a risk of a denial of service attack by an attacker...

8.7CVSS6.8AI score0.00356EPSS
Exploits0References12
Rows per page
Query Builder