7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2026-21452

CVE-2026-21452: MessagePack-Java Vulnerable to Remote Denial of Service via Malicious .msgpack Model File Triggering Unbounded EXT Payload Allocation

MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later trusts the declared EXT payload length when materializing the extension data. When ExtensionValue.getData() is invoked, the library attempts to allocate a byte array of the declared length without enforcing any upper bound. A malicious .msgpack file of only a few bytes can therefore trigger unbounded heap allocation, resulting in JVM heap exhaustion, process termination, or service unavailability. This vulnerability is triggered during model loading / deserialization, making it a model format vulnerability suitable for remote exploitation. The vulnerability enables a remote denial-of-service attack against applications that deserialize untrusted .msgpack model files using MessagePack for Java. A specially crafted but syntactically valid .msgpack file containing an EXT32 object with an attacker-controlled, excessively large payload length can trigger unbounded memory allocation during deserialization. When the model file is loaded, the library trusts the declared length metadata and attempts to allocate a byte array of that size, leading to rapid heap exhaustion, excessive garbage collection, or immediate JVM termination with an OutOfMemoryError. The attack requires no malformed bytes, user interaction, or elevated privileges and can be exploited remotely in real-world environments such as model registries, inference services, CI/CD pipelines, and cloud-based model hosting platforms that accept or fetch .msgpack artifacts. Because the malicious file is extremely small yet valid, it can bypass basic validation and scanning mechanisms, resulting in complete service unavailability and potential cascading failures in production systems. Version 0.9.11 fixes the vulnerability.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2026-21452

CVE-2026-21452:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.msgpack:msgpack-core	maven	< 0.9.11	0.9.11

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability is a Denial of Service in the msgpack-java library, caused by uncontrolled memory allocation. The root cause lies in the org.msgpack.core.MessageUnpacker.readPayload(int length) method. Prior to the patch, this method would immediately allocate a byte array of size length (new byte[length]), where length is a value read directly from the (potentially malicious) input stream's EXT32 or BIN32 header. An attacker could craft a very small file declaring a huge payload length (e.g., 1GB), causing the library to attempt a massive memory allocation that results in a java.lang.OutOfMemoryError, terminating the application.

The exploit is typically triggered through higher-level API calls like unpackValue() and ExtensionValue.getData(), which lead to the invocation of the vulnerable readPayload method, as confirmed by the stack trace in the vulnerability report. The patch resolves this by modifying readPayload to use a safer, gradual allocation strategy for payloads declaring a size over a 64MB threshold. It reads the data in chunks, verifying that the input stream actually contains the data before committing to the full memory allocation, thus preventing the DoS attack. The analysis identified both the root-cause function (readPayload) and the key library function in the exploit chain (unpackValue) as the vulnerable functions that would appear in a runtime profile.

Vulnerable functions

org.msgpack.core.MessageUnpacker.readPayload

msgpack-core/src/main/java/org/msgpack/core/MessageUnpacker.java

This function was vulnerable because it directly allocated a byte array using a user-controlled 'length' from the input data without any size validation. A malicious input could provide an excessively large length, leading to an OutOfMemoryError and a Denial of Service. The patch mitigates this by introducing a threshold and performing gradual allocation for large lengths, verifying data availability before allocating the full memory.

org.msgpack.core.MessageUnpacker.unpackValue

msgpack-core/src/main/java/org/msgpack/core/MessageUnpacker.java

This function is a primary entry point for deserializing MessagePack data. When it encounters an EXT or BIN data type, it determines the payload size from the stream and then calls the `readPayload` method to extract the data. Because the vulnerable version of `readPayload` performed unsafe memory allocation, `unpackValue` serves as a direct vector to trigger the Denial of Service vulnerability.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2026-21452: MessagePack-Java Vulnerable to Remote Denial of Service via Malicious .msgpack Model File Triggering Unbounded EXT Payload Allocation

CVE-2026-21452:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2026-21452: MessagePack-Java Vulnerable to Remote Denial of Service via Malicious .msgpack Model File Triggering Unbounded EXT Payload Allocation

Basic Information

Basic Information

7.5

7.5

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI