Description
MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later trusts the declared EXT payload length when materializing the extension data. When ExtensionValue.getData() is invoked, the library attempts to allocate a byte array of the declared length without enforcing any upper bound. A malicious .msgpack file of only a few bytes can therefore trigger unbounded heap allocation, resulting in JVM heap exhaustion, process termination, or service unavailability.

This vulnerability is triggered during model loading / deserialization, making it a model format vulnerability suitable for remote exploitation. The vulnerability enables a remote denial-of-service attack against applications that deserialize untrusted .msgpack model files using MessagePack for Java. A specially crafted but syntactically valid .msgpack file containing an EXT32 object with an attacker-controlled, excessively large payload length can trigger unbounded memory allocation during deserialization. When the model file is loaded, the library trusts the declared length metadata and attempts to allocate a byte array of that size, leading to rapid heap exhaustion, excessive garbage collection, or immediate JVM termination with an OutOfMemoryError.

The attack requires no malformed bytes, user interaction, or elevated privileges and can be exploited remotely in real-world environments such as model registries, inference services, CI/CD pipelines, and cloud-based model hosting platforms that accept or fetch .msgpack artifacts. Because the malicious file is extremely small yet valid, it can bypass basic validation and scanning mechanisms, resulting in complete service unavailability and potential cascading failures in production systems. Version 0.9.11 fixes the vulnerability.
Published: 2026-01-02
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Denial of Service
Action: Apply Patch
AI Analysis

Impact

MessagePack for Java deserializes .msgpack files and is vulnerable to a denial‑of‑service in versions before 0.9.11. An attacker can supply a valid EXT32 object whose declared payload length far exceeds the file size. The library lazily parses the header but later trusts that length when allocating a byte array. Because no upper bound is enforced, a small malicious file can force the library to allocate an enormous buffer, exhausting the JVM heap, triggering frequent garbage collection, or causing the process to terminate with an OutOfMemoryError.

Affected Systems

Vulnerable packages are msgpack:msgpack-java 0.9.10 and earlier. The affected components are the MessagePack‑Java serializer used during model loading, for example in machine‑learning inference services, model registries, CI/CD pipelines, and cloud‑based hosting platforms that consume .msgpack artifacts. The vulnerability exists in the core extension handling code of the library, specifically the ExtensionValue.getData() method after the lazy header parse.

Risk and Exploitability

The CVSS 3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H): the only input required is a syntactically valid .msgpack file carrying an EXT32 header with a large declared length, so exploitation is trivial once an untrusted file can be fed to the deserializer. The EPSS estimate is below 1 %, indicating a low predicted probability of exploitation in the wild, and the CVE is not in CISA's KEV catalogue; the SSVC record on this page nevertheless rates Exploitation as "poc" and Automatable as "yes". Because the allocation happens during deserialization, any application that loads .msgpack files without restricting their source is exposed. The risk is highest for services that expose a file-upload interface or fetch artifacts from external repositories: once triggered, the JVM exhausts its heap and the service becomes unavailable.

Generated by OpenCVE AI on April 18, 2026 at 08:28 UTC.

Remediation

Fixed in MessagePack-Java 0.9.11, as stated in the description above; no workaround other than upgrading is listed.

OpenCVE Recommended Actions

  • Upgrade MessagePack‑Java to version 0.9.11 or later.
  • Validate incoming .msgpack files before deserialization: reject any declared EXT payload length that exceeds a fixed upper bound or the number of bytes actually remaining in the input, and accept files only from an allow-list of trusted sources.
  • Set an explicit JVM heap limit (-Xmx) and alert on sudden heap growth or OutOfMemoryError; consider deserializing untrusted files in a separate, resource-restricted process so that an exhausted heap does not take down the main service.

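The following is an added example, not code from the advisory or from the msgpack-java project, of the length check the second recommended action calls for, placed where the Impact section says the allocation happens: between reading the EXT header and materializing its payload. It uses msgpack-java's public streaming API (MessageUnpacker.unpackExtensionTypeHeader() and readPayload()); the class name, the 16 MiB cap and the two six-byte inputs are constructed for illustration and assume msgpack-java 0.9.x on the classpath.

```java
import java.io.IOException;
import org.msgpack.core.ExtensionTypeHeader;
import org.msgpack.core.MessagePack;
import org.msgpack.core.MessageUnpacker;
import org.msgpack.value.ValueType;

/**
 * Added example (not msgpack-java project code): reads one MessagePack extension
 * object with the streaming API and bounds the declared payload length before
 * any byte[] of that size is allocated. Assumes msgpack-java 0.9.x on the classpath.
 */
public class BoundedExtLoader {

    /** Policy cap on a single EXT payload; the value is an illustrative assumption. */
    static final int MAX_EXT_PAYLOAD = 16 * 1024 * 1024;

    /**
     * Constructed input (6 bytes): EXT32 marker 0xc9, declared length 0x7fffffff,
     * extension type 1, and no payload at all. A reader that trusts the header
     * tries to allocate a 2 GiB array for it.
     */
    static byte[] maliciousExt32() {
        return new byte[] {(byte) 0xc9, 0x7f, (byte) 0xff, (byte) 0xff, (byte) 0xff, 0x01};
    }

    /** Constructed benign input: EXT8 marker 0xc7, length 3, type 1, payload "abc". */
    static byte[] benignExt8() {
        return new byte[] {(byte) 0xc7, 0x03, 0x01, 'a', 'b', 'c'};
    }

    /**
     * Returns the extension payload, or throws before any allocation if the declared
     * length exceeds the policy cap or the bytes actually present in the input.
     */
    static byte[] readExtPayload(byte[] input) throws IOException {
        try (MessageUnpacker u = MessagePack.newDefaultUnpacker(input)) {
            if (u.getNextFormat().getValueType() != ValueType.EXTENSION) {
                throw new IOException("expected an extension object");
            }
            // Header only: type byte and declared length, no payload bytes consumed yet.
            ExtensionTypeHeader h = u.unpackExtensionTypeHeader();
            int declared = h.getLength();
            long remaining = input.length - u.getTotalReadBytes();
            if (declared < 0 || declared > MAX_EXT_PAYLOAD) {
                throw new IOException("EXT payload length " + declared
                        + " exceeds cap " + MAX_EXT_PAYLOAD);
            }
            if (declared > remaining) {
                throw new IOException("EXT payload length " + declared
                        + " exceeds remaining input " + remaining);
            }
            // Both bounds hold, so this allocation is at most min(cap, input size).
            return u.readPayload(declared);
        }
    }

    public static void main(String[] args) throws IOException {
        System.out.println("benign payload bytes: " + readExtPayload(benignExt8()).length);
        try {
            readExtPayload(maliciousExt32());
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The check only protects callers that read extensions through the streaming header/payload API; code that goes through unpackValue() and ExtensionValue.getData() still hits the unbounded allocation the description reports, so this is a stop-gap for inputs you cannot avoid parsing before upgrading to 0.9.11, not a substitute for the upgrade.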


Advisories
Source | ID | Title
GitHub GHSA | GHSA-cw39-r4h6-8j3x | MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation
History

Thu, 05 Feb 2026 19:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Msgpack messagepack
Weaknesses | | NVD-CWE-Other
CPEs | | cpe:2.3:a:msgpack:messagepack:0.9.10:*:*:*:*:java:*:*
Vendors & Products | | Msgpack messagepack

Mon, 05 Jan 2026 10:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Msgpack; Msgpack msgpack
Vendors & Products | | Msgpack; Msgpack msgpack

Fri, 02 Jan 2026 22:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 02 Jan 2026 21:00:00 +0000

Type | Values Removed | Values Added
Description | | (identical to the Description section at the top of this page)
Title | | MessagePack-Java Vulnerable to Remote Denial of Service via Malicious .msgpack Model File Triggering Unbounded EXT Payload Allocation
Weaknesses | | CWE-400; CWE-789
References | |
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-02T21:22:01.956Z

Reserved: 2025-12-29T03:00:29.277Z

Link: CVE-2026-21452

Vulnrichment

Updated: 2026-01-02T21:21:57.480Z

NVD

Status : Analyzed

Published: 2026-01-02T21:16:03.067

Modified: 2026-02-05T19:21:02.140

Link: CVE-2026-21452

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T08:30:35Z