NuGet CVE Archive

MessagePack CVE Vulnerabilities

All known CVEs affecting MessagePack. Kodem’s runtime-powered SCA reveals which are actually reachable in your application.

Known vulnerabilities
CVE
Summary
Severity
CVE-2026-48511
MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion…
Medium
CVE-2026-48510
MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output…
Medium
CVE-2026-48506
MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing…
High
CVE-2026-48109
MessagePack's LZ4 decompression may fail with AccessViolationException after…
High
CVE-2020-5234
Untrusted data can lead to DoS attack due to hash collisions and stack overflow…
Medium

Prioritize MessagePack vulnerabilities

Kodem Kai can identify which of these CVEs are reachable in your dependency tree and generate targeted fix recommendations.

Get a demo →

Stop the waste.
Protect your environment with Kodem.

Get a personalized demo
Get a personalized demo