CyberRota
← Ana sayfaya dön

CVE-2026-48502

HIGH · CVSS 7.5 EPSS %0.26 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-22T22:16:47.147 · Çekilme zamanı: 2026-06-30T18:29:42.709135+00:00

CyberRota Yorumu

Bellek tüketimine neden olabilir.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

GitHub PoC Linkleri
github.com

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-48502
Severity
HIGH
CVSS
7.5
EPSS
%0.26

Orijinal NVD Açıklaması

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.ReadDateTime() can allocate stack memory based on an attacker-controlled MessagePack extension length. In the slow path for timestamp extension parsing, the computed tokenSize includes the extension body length from the wire and is used in a stackalloc operation before the extension length is validated as one of the valid timestamp sizes. A very small payload can claim a large timestamp extension body and cause a stack allocation large enough to trigger an uncatchable StackOverflowException, terminating the host process. This vulnerability is fixed in 2.5.301 and 3.1.7.