MEDIUM
MessagePack-CSharp
CVE published 2026-06-22
CVE-2026-48511
CVE-2026-48511 is a denial-of-service vulnerability in MessagePack for C# caused by the inefficient ExpandoObjectFormatter.Deserialize method. The method exhibits quadratic CPU and allocation behavior when handling large, attacker-controlled maps. The vulnerability is fixed in versions 2.5.301 and 3.1.7; users should update to one of these versions to mitigate the issue. The vulnerability has a CVSS sco [truncated]