CVE-2026-21452
Published: 02 January 2026
Summary
CVE-2026-21452 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Msgpack Messagepack. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE is ranked at the 9.7th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Threat & Defense Details
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Limiting concurrent sessions directly prevents uncontrolled resource consumption by capping the number of active sessions per user or account.
- Analysis identifies uncontrolled resource consumption indicative of denial-of-service or abuse attempts.
- Contingency plan testing includes resource exhaustion scenarios to verify recovery, making it harder for attackers to sustain exploits that cause uncontrolled consumption.
- Updated contingency plans include current procedures to detect, contain, and recover from resource exhaustion, limiting an attacker's ability to sustain impact from uncontrolled consumption.
- Alternate site allows resumption of operations if resource exhaustion at the primary site is exploited to cause unavailability.
- Alternate telecommunications services enable resumption of essential functions when primary services become unavailable due to uncontrolled resource consumption.
- The team can analyze and respond to resource exhaustion incidents, reducing the impact of attacks that exploit uncontrolled consumption weaknesses.
- Timely maintenance support and spare parts enable rapid recovery from failures induced by uncontrolled resource consumption, shortening the impact window of denial-of-service attacks.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Directly enables application/system exploitation for endpoint DoS via malicious deserialization leading to resource exhaustion.
NVD Description
MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later trusts the declared EXT payload length when materializing the extension data. When ExtensionValue.getData() is invoked, the library attempts to allocate a byte array of the declared length without enforcing any upper bound. A malicious .msgpack file of only a few bytes can therefore trigger unbounded heap allocation, resulting in JVM heap exhaustion, process termination, or service unavailability. This vulnerability is triggered during model loading / deserialization, making it a model format vulnerability suitable for remote exploitation.

The vulnerability enables a remote denial-of-service attack against applications that deserialize untrusted .msgpack model files using MessagePack for Java. A specially crafted but syntactically valid .msgpack file containing an EXT32 object with an attacker-controlled, excessively large payload length can trigger unbounded memory allocation during deserialization. When the model file is loaded, the library trusts the declared length metadata and attempts to allocate a byte array of that size, leading to rapid heap exhaustion, excessive garbage collection, or immediate JVM termination with an OutOfMemoryError. The attack requires no malformed bytes, user interaction, or elevated privileges and can be exploited remotely in real-world environments such as model registries, inference services, CI/CD pipelines, and cloud-based model hosting platforms that accept or fetch .msgpack artifacts. Because the malicious file is extremely small yet valid, it can bypass basic validation and scanning mechanisms, resulting in complete service unavailability and potential cascading failures in production systems. Version 0.9.11 fixes the vulnerability.
Deeper analysis
CVE-2026-21452 is a denial-of-service vulnerability in MessagePack for Java, a serializer implementation for Java, affecting versions prior to 0.9.11. The issue arises during deserialization of .msgpack files containing EXT32 objects with attacker-controlled payload lengths. Although MessagePack-Java parses extension headers lazily, it trusts the declared EXT payload length when materializing the extension data via ExtensionValue.getData(), attempting to allocate a byte array of that size without any upper bound enforcement. A malicious .msgpack file of only a few bytes can thus trigger unbounded heap allocation, leading to JVM heap exhaustion, excessive garbage collection, process termination, or an OutOfMemoryError. This constitutes a model format vulnerability triggered specifically during model loading or deserialization.
The vulnerability enables remote denial-of-service attacks against any application that deserializes untrusted .msgpack model files using the affected library. Attackers require no user interaction, elevated privileges, or malformed bytes; a syntactically valid, extremely small .msgpack file with an excessively large declared EXT32 payload length suffices. Exploitation is feasible remotely in environments such as model registries, inference services, CI/CD pipelines, and cloud-based model hosting platforms that accept or fetch .msgpack artifacts. Successful attacks result in complete service unavailability and potential cascading failures in production systems, with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), mapped to CWEs 400 (Uncontrolled Resource Consumption) and 789 (Memory Allocation with Excessive Size Value).
The MessagePack for Java security advisory (GHSA-cw39-r4h6-8j3x) and release notes for version 0.9.11 detail the fix, implemented via commit daa2ea6b2f11f500e22c70a22f689f7a9debdeae, which addresses the unbounded allocation by enforcing limits on extension payload lengths during deserialization. Security practitioners should upgrade to version 0.9.11 or later and validate or scan .msgpack inputs for excessive extension declarations.
This vulnerability holds particular relevance for AI/ML workflows due to its exploitation vector in model loading pipelines, where untrusted serialized models are common, though no public reports of real-world exploitation exist as of the CVE publication on 2026-01-02.
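The NVD description and the analysis above both come down to one missing check: the declared EXT length is honoured before anyone asks whether that many bytes exist or whether the application would ever accept a payload that large. The following is an added example, not code from the CVE record or from the msgpack-java project, showing the kind of pre-admission check a service that accepts untrusted .msgpack artifacts can run before handing the bytes to a deserializer. It is written in Python rather than Java because the check is format-level and independent of the library; it walks every object in the buffer, so an EXT header hidden inside an array or map is found as well as one at the top level. The format markers are those of the MessagePack specification; the policy ceiling `MAX_EXT_PAYLOAD`, the function names, and the three sample buffers are assumptions constructed for this example.

```python
# Added example (not from the CVE record or from the msgpack-java project):
# a defensive pre-check that walks an untrusted .msgpack buffer and rejects any
# EXT object whose declared payload length exceeds either the bytes actually
# present or an assumed policy ceiling, before anything allocates that much.
# Format markers follow the MessagePack specification; MAX_EXT_PAYLOAD and the
# sample buffers are constructed for this example.

MAX_EXT_PAYLOAD = 16 * 1024 * 1024  # assumed policy ceiling: 16 MiB per EXT payload

FIXEXT = {0xD4: 1, 0xD5: 2, 0xD6: 4, 0xD7: 8, 0xD8: 16}          # fixext 1/2/4/8/16
VAREXT = {0xC7: 1, 0xC8: 2, 0xC9: 4}                             # ext8/16/32: length width
VARBIN = {0xC4: 1, 0xC5: 2, 0xC6: 4, 0xD9: 1, 0xDA: 2, 0xDB: 4}  # bin8/16/32, str8/16/32
FIXED = {0xCA: 5, 0xCB: 9, 0xCC: 2, 0xCD: 3, 0xCE: 5, 0xCF: 9,  # float32/64, uint8..64
         0xD0: 2, 0xD1: 3, 0xD2: 5, 0xD3: 9}                    # int8..64 (bytes incl. marker)


class UnsafeMsgpack(ValueError):
    """Raised when the buffer is truncated, malformed, or declares an oversized EXT."""


def _need(buf: bytes, pos: int, n: int) -> None:
    """Refuse to read n bytes at pos unless they are really in the buffer."""
    if n > len(buf) - pos:
        raise UnsafeMsgpack(f"truncated: need {n} bytes at offset {pos}, have {len(buf) - pos}")


def _uint(buf: bytes, pos: int, width: int) -> int:
    """Big-endian unsigned integer of the given width, bounds-checked."""
    _need(buf, pos, width)
    return int.from_bytes(buf[pos:pos + width], "big")


def validate_ext_lengths(buf: bytes, max_ext: int = MAX_EXT_PAYLOAD) -> int:
    """Walk every object in buf (possibly several concatenated top-level objects).
    Each EXT declared length is checked against max_ext and against the data
    present. Returns the number of EXT objects seen; raises UnsafeMsgpack otherwise."""
    pos, pending, ext_seen = 0, 0, 0
    while pos < len(buf):
        if pending == 0:
            pending = 1                      # start of the next top-level object
        pending -= 1
        m = buf[pos]
        if m <= 0x7F or m >= 0xE0 or m in (0xC0, 0xC2, 0xC3):   # fixint, nil, bools
            pos += 1
        elif 0x80 <= m <= 0x8F:              # fixmap: two children per entry
            pending += 2 * (m & 0x0F)
            pos += 1
        elif 0x90 <= m <= 0x9F:              # fixarray
            pending += m & 0x0F
            pos += 1
        elif 0xA0 <= m <= 0xBF:              # fixstr
            n = m & 0x1F
            _need(buf, pos + 1, n)
            pos += 1 + n
        elif m in FIXED:                     # fixed-width scalars
            _need(buf, pos, FIXED[m])
            pos += FIXED[m]
        elif m in VARBIN:                    # bin/str: declared length, then payload
            w = VARBIN[m]
            n = _uint(buf, pos + 1, w)
            _need(buf, pos + 1 + w, n)
            pos += 1 + w + n
        elif m in (0xDC, 0xDD):              # array16 / array32
            w = 2 if m == 0xDC else 4
            pending += _uint(buf, pos + 1, w)
            pos += 1 + w
        elif m in (0xDE, 0xDF):              # map16 / map32
            w = 2 if m == 0xDE else 4
            pending += 2 * _uint(buf, pos + 1, w)
            pos += 1 + w
        elif m in FIXEXT or m in VAREXT:     # the EXT family this CVE concerns
            if m in FIXEXT:
                n, payload = FIXEXT[m], pos + 2          # marker, type, data
            else:
                w = VAREXT[m]
                n = _uint(buf, pos + 1, w)               # marker, length, type, data
                payload = pos + 2 + w
            _need(buf, payload - 1, 1)       # the 1-byte ext type must be present
            if n > max_ext:                  # policy check, before any allocation
                raise UnsafeMsgpack(f"EXT at offset {pos} declares {n} bytes, limit {max_ext}")
            _need(buf, payload, n)           # declared length must fit the data on hand
            ext_seen += 1
            pos = payload + n
        else:                                # 0xC1 is never used by the spec
            raise UnsafeMsgpack(f"invalid marker 0x{m:02x} at offset {pos}")
    if pending:
        raise UnsafeMsgpack(f"truncated: {pending} object(s) still expected at end of buffer")
    return ext_seen


def is_safe_msgpack(buf: bytes, max_ext: int = MAX_EXT_PAYLOAD):
    """Convenience wrapper: (True, ext_count) on success, (False, reason) on rejection."""
    try:
        return True, validate_ext_lengths(buf, max_ext)
    except UnsafeMsgpack as e:
        return False, str(e)


# Constructed samples. TINY_HUGE_EXT32 has the shape the advisory describes: a
# 6-byte, well-formed ext32 header (type 1) whose declared payload is ~4 GiB.
TINY_HUGE_EXT32 = bytes([0xC9, 0xFF, 0xFF, 0xFF, 0xFF, 0x01])
# A benign two-element array: fixext1 (type 1, data 0x2A) and ext8 (type 5, "abc").
BENIGN = bytes([0x92, 0xD4, 0x01, 0x2A, 0xC7, 0x03, 0x05]) + b"abc"
# An ext32 whose 32-byte payload is fully present but exceeds a 16-byte policy.
OVERSIZED_BUT_COMPLETE = bytes([0xC9, 0x00, 0x00, 0x00, 0x20, 0x07]) + b"x" * 32

if __name__ == "__main__":
    for name, sample in [("tiny-huge", TINY_HUGE_EXT32), ("benign", BENIGN),
                         ("oversized", OVERSIZED_BUT_COMPLETE)]:
        print(name, is_safe_msgpack(sample, max_ext=16))
```

Two independent checks are applied to each EXT header on purpose. The bounds check (`_need(buf, payload, n)`) alone defeats the few-bytes-claiming-gigabytes file the advisory describes, but an attacker who can upload a genuinely large artifact would pass it; the policy ceiling catches that case, and checking it first means no allocation of the declared size ever happens. A check like this belongs at the ingestion boundary (registry upload, artifact fetch in CI) as defence in depth; the actual fix is the upgrade to MessagePack for Java 0.9.11 or later named above.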
Details
- CWE(s)