{"data":{"id":"86ab30d1-1a04-4b40-91a6-e69ce0d27d14","title":"CVE-2026-21452: MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior","summary":"MessagePack for Java has a denial-of-service vulnerability in versions before 0.9.11 where specially crafted .msgpack files can trick the library into allocating massive amounts of memory. When the library deserializes (reads and converts) these files, it blindly trusts the size information in EXT32 objects (an extension data type) and tries to allocate a byte array matching that size, which can be impossibly large, causing the Java program to run out of memory and crash.","solution":"Update to version 0.9.11 or later, which fixes the vulnerability.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-21452","publishedAt":"2026-01-02T21:16:03.067Z","cveId":"CVE-2026-21452","cweIds":["CWE-400","CWE-789"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":[],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00022,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-125","CAPEC-130"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"model","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}