CyberRota
← Ana sayfaya dön

CVE-2026-48510

HIGH · CVSS 7.5 EPSS %0.24 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-22T22:16:47.713 · Çekilme zamanı: 2026-06-30T18:29:44.002076+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

GitHub PoC Linkleri
github.com

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-48510
Severity
HIGH
CVSS
7.5
EPSS
%0.24

Orijinal NVD Açıklaması

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, when MessagePack-CSharp decompresses Lz4Block or Lz4BlockArray payloads, it reads declared uncompressed lengths from the wire and allocates output buffers based on those lengths before validating that the compressed data is valid or that the declared expansion is reasonable. A small payload can claim a very large uncompressed length and force a large allocation before LZ4 decoding begins. This vulnerability is fixed in 2.5.301 and 3.1.7.