CVE Catalog

CVE-2026-57585

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

A vulnerability in the MessagePack library for Python allows out-of-bounds read and process crash when reusing an Unpacker object after an error. The issue is fixed in version 1.2.1.

Risk Assessment

An attacker can cause a denial of service (DoS) by repeatedly using the Unpacker after an error, leading to a segfault and service disruption.

Recommendation

Immediately update the MessagePack library to version 1.2.1 or later. Avoid reusing the Unpacker object after an error occurs.

Original NVD description (English source)

MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a caught error, potentially leading to a DoS attack. If the Unpacker is used repeatedly after an error occurs, the process may crash with a SEGV. This issue has been fixed in version 1.2.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS