← Back
2026-06-22 21:3CVE-2026-48517GitHub_M
PUBLISHED5.2CWE-470CWE-502

MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's typeless deserialization includes MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowed(Type) as a safety check for dangerous types. The default implementation checks the outer type name, but it does not recursively inspect array element types or generic type arguments. As a result, a type that would be blocked directly can be wrapped inside an array or constructed generic type and pass the outer type check. The formatter machinery can then materialize formatters for the inner blocked type. This vulnerability is fixed in 2.5.301 and 3.1.7.

Problem type

Affected products

MessagePack-CSharp

MessagePack-CSharp

>= 3.1.7, < 3.1.7 - AFFECTED

< 2.5.301 - AFFECTED

References

https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-qhmf-xw27-6rqr

https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-qhmf-xw27-6rqr

x_refsource_CONFIRM

GitHub Security Advisories

GHSA-qhmf-xw27-6rqr

MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments

https://github.com/advisories/GHSA-qhmf-xw27-6rqr

Summary

MessagePack-CSharp's typeless deserialization includes MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowed(Type) as a safety check for dangerous types. The default implementation checks the outer type name, but it does not recursively inspect array element types or generic type arguments.

As a result, a type that would be blocked directly can be wrapped inside an array or constructed generic type and pass the outer type check. The formatter machinery can then materialize formatters for the inner blocked type.

Impact

Applications are affected when they deserialize untrusted payloads using typeless serialization features such as MessagePackSerializer.Typeless, TypelessObjectResolver, or related typeless resolver options.

Typeless deserialization is already a high-risk feature for untrusted data, but the presence of a disallowed-type hook creates an expectation that blocked types remain blocked. This issue weakens that mitigation because the check is not applied structurally to nested type components. An attacker who can supply typeless ext-100 payloads may bypass exact outer-type blocklist checks by naming wrapper types such as arrays or generic containers.

The consequence depends on which type is reached and what the application allows typeless deserialization to instantiate. The original findings describe bypasses involving blocked or user-blocklisted gadget types.

Affected components

  • Package: MessagePack
  • Feature: typeless deserialization
  • APIs: MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowed, TypelessFormatter
  • Finding IDs: MESSAGEPACKCSHARP-030, duplicate/open variant MESSAGEPACKCSHARP-OPEN-007

Patches

Fixes are available via versions 2.5.301 and 3.1.7.

Upgrade guidance:

  1. Upgrade MessagePack to the patched version for your release line.
  2. Upgrade companion MessagePack packages in the same dependency graph to the coordinated patched versions.

The fix should apply type-disallow checks recursively to array element types, pointer/byref element types where applicable, nullable underlying types, and constructed generic type arguments. Formatter paths that materialize types supplied by the wire should not instantiate inner types that fail the configured policy.

Workarounds

Patching is recommended.

Avoid typeless deserialization for untrusted data. If typeless support is unavoidable, configure an explicit allowlist that rejects any type not approved by the application and ensure the allowlist recursively validates array elements and generic arguments. Do not rely on exact outer-type blocklists as a complete security boundary.

Resources

  • MESSAGEPACKCSHARP-030: typeless disallowed-type check is not recursive
  • MESSAGEPACKCSHARP-OPEN-007: duplicate/open finding for typeless blocklist gaps
  • CWE-502: Deserialization of Untrusted Data
  • CWE-470: Use of Externally-Controlled Input to Select Classes or Code

CVE split rationale

This vulnerability is independently fixable in typeless type-policy enforcement. It is separate from MVC default options, collection allocation, LZ4 decoding, and recursion-depth issues.

github.com

https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-qhmf-xw27-6rqr

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-48517

github.com

https://github.com/advisories/GHSA-qhmf-xw27-6rqr

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-48517
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-48517",
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "dateUpdated": "2026-06-22T21:03:30.437Z",
    "dateReserved": "2026-05-21T16:18:10.619Z",
    "datePublished": "2026-06-22T21:03:30.437Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M",
        "dateUpdated": "2026-06-22T21:03:30.437Z"
      },
      "title": "MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments",
      "descriptions": [
        {
          "lang": "en",
          "value": "MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's typeless deserialization includes MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowed(Type) as a safety check for dangerous types. The default implementation checks the outer type name, but it does not recursively inspect array element types or generic type arguments. As a result, a type that would be blocked directly can be wrapped inside an array or constructed generic type and pass the outer type check. The formatter machinery can then materialize formatters for the inner blocked type. This vulnerability is fixed in 2.5.301 and 3.1.7."
        }
      ],
      "affected": [
        {
          "vendor": "MessagePack-CSharp",
          "product": "MessagePack-CSharp",
          "versions": [
            {
              "version": ">= 3.1.7, < 3.1.7",
              "status": "affected"
            },
            {
              "version": "< 2.5.301",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')",
              "cweId": "CWE-470",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-502: Deserialization of Untrusted Data",
              "cweId": "CWE-502",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-qhmf-xw27-6rqr",
          "name": "https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-qhmf-xw27-6rqr",
          "tags": [
            "x_refsource_CONFIRM"
          ]
        }
      ],
      "metrics": [
        {}
      ]
    }
  }
}