MessagePack for Java (msgpack-java) is a serialization library used to encode and decode data efficiently. Versions prior to 0.9.11 contain a denial-of-service vulnerability (CVE-2026-21452) related to uncontrolled resource consumption during deserialization of .msgpack files. Specifically, when deserializing EXT32 extension objects, the library lazily parses extension headers but trusts the declared payload length metadata without enforcing any upper bounds. When the method ExtensionValue.getData() is called, the library attempts to allocate a byte array of the declared length. An attacker can craft a syntactically valid but malicious .msgpack file with an EXT32 object that declares an excessively large payload length, causing the JVM to allocate an unbounded amount of heap memory. This leads to rapid heap exhaustion, excessive garbage collection, or immediate JVM termination with an OutOfMemoryError, resulting in denial of service. The attack vector requires no malformed bytes, no user interaction, no privileges, and can be executed remotely by submitting or fetching malicious .msgpack files in environments such as model registries, inference services, CI/CD pipelines, and cloud-hosted model platforms. Because the malicious file is small and valid, it can evade basic validation and scanning, increasing the risk of successful exploitation. The vulnerability is fixed in msgpack-java version 0.9.11.

For European organizations, this vulnerability poses a significant risk to the availability of services that rely on msgpack-java for deserializing .msgpack files, particularly in AI/ML model management, cloud services, and CI/CD pipelines. Exploitation can cause service outages, disrupt business operations, and potentially cascade failures in dependent systems. Organizations using vulnerable versions in critical infrastructure or cloud-hosted environments may face downtime, loss of productivity, and reputational damage. The ease of remote exploitation without authentication or user interaction increases the threat level. Additionally, the small size and validity of the malicious payload complicate detection and mitigation, potentially allowing attackers to bypass standard security controls. This can affect sectors such as finance, healthcare, manufacturing, and public services that increasingly adopt AI/ML workflows and cloud-native applications in Europe.

European organizations should immediately audit their use of msgpack-java and identify any deployments running versions prior to 0.9.11. Upgrading to version 0.9.11 or later is the primary and most effective mitigation. For environments where immediate upgrade is not feasible, implement strict input validation and filtering to block or quarantine .msgpack files containing EXT32 objects or unusually large payload length declarations. Employ runtime memory usage monitoring and JVM heap limits to detect and mitigate abnormal memory allocation patterns. Integrate behavioral anomaly detection in model registries and inference services to flag suspicious deserialization activities. Use network-level controls to restrict access to services that accept .msgpack files, limiting exposure to untrusted sources. Incorporate deserialization sandboxing or isolation techniques to contain potential crashes. Finally, update incident response plans to include scenarios involving deserialization-based denial-of-service attacks.