CVE-2026-32284
Published
CVSS v3
7.5
HIGH
CVSS v2
N/A
Affected
2
PROJECTS
Description
The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data (format codes 0xd4-0xd8). This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack.
easier, faster, but extendable MessagePack Serializer for Golang. / msgpack.org[Go]
GitHub