CVE-2026-48517: NixOS Vulnerability Analysis and Mitigation
Overview
CVE-2026-48517 is a type validation bypass vulnerability in MessagePack for C# (MessagePack-CSharp) affecting its typeless deserialization feature. The flaw allows attackers to circumvent the MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowed safety check by wrapping blocked dangerous types inside arrays or constructed generic types, enabling the formatter machinery to materialize formatters for otherwise-blocked inner types. Affected versions include all releases prior to 2.5.301 and versions 3.0.3 through 3.1.7 (exclusive). It was published on June 22, 2026, with patches released as versions 2.5.301 and 3.1.7. The vulnerability carries a CVSS v3.1 base score of 7.5 (High) and a CVSS v4.0 base score of 6.3 (Medium) (GitHub Advisory).
Technical Details
The root cause is classified under CWE-502 (Deserialization of Untrusted Data) and CWE-470 (Use of Externally-Controlled Input to Select Classes or Code / Unsafe Reflection). The ThrowIfDeserializingTypeIsDisallowed method only inspects the outermost type name in a deserialized payload, without recursively validating array element types or generic type arguments. An attacker can craft a malicious MessagePack ext-100 (typeless) payload that names a wrapper type — such as an array or a generic container — whose inner type argument is a blocked gadget type; the outer check passes, and the formatter machinery then instantiates the dangerous inner type. Exploitation requires that the target application uses typeless deserialization APIs such as MessagePackSerializer.Typeless, TypelessObjectResolver, or related typeless resolver options, and that it accepts untrusted MessagePack data (GitHub Advisory).
Impact
Successful exploitation can lead to arbitrary code execution during deserialization, as dangerous gadget types that were intended to be blocked can be instantiated by the formatter machinery. The primary impact is on integrity — an unauthenticated attacker can cause unauthorized modification of system state or trigger unintended code paths without user interaction. Confidentiality and availability impacts are rated as none in the CVSS scoring, though the actual consequence depends on which gadget types are reachable and what the application permits typeless deserialization to instantiate (GitHub Advisory).
Exploitation Steps
- Identify target: Locate a network-accessible application that uses MessagePack-CSharp typeless deserialization APIs (MessagePackSerializer.Typeless, TypelessObjectResolver, or similar) and accepts untrusted MessagePack data from external sources.
- Identify blocked gadget type: Determine which dangerous types are blocked by the application's ThrowIfDeserializingTypeIsDisallowed implementation (e.g., known .NET deserialization gadget types).
- Craft wrapper payload: Construct a malicious MessagePack ext-100 (typeless) payload where the outer type is named as an array (e.g., DangerousGadgetType[]) or a constructed generic type (e.g., List<DangerousGadgetType>) containing the blocked type as an element or generic argument.
- Bypass outer type check: Submit the crafted payload to the target endpoint. The ThrowIfDeserializingTypeIsDisallowed check inspects only the outer type name (e.g., DangerousGadgetType[]), which may not match the blocklist entry for the bare type name, allowing the check to pass.
- Trigger inner type materialization: The formatter machinery resolves and instantiates a formatter for the inner blocked type, potentially executing gadget chain logic and achieving arbitrary code execution on the server (GitHub Advisory).
Indicators of Compromise
- Network: Unexpected or malformed MessagePack ext-100 (typeless) payloads received by the application, particularly those with array or generic wrapper type names containing known dangerous or unusual type strings.
- Logs: Application exceptions or stack traces related to type resolution or formatter instantiation for unexpected types during deserialization; errors referencing TypelessFormatter or ThrowIfDeserializingTypeIsDisallowed with unusual type names.
- Process: Unusual child processes spawned by the application process following deserialization operations; unexpected outbound network connections from the application server.
- File System: Unexpected files written to disk by the application process, particularly in temp or web-accessible directories, following processing of external MessagePack data.
Mitigation and Workarounds
Upgrade MessagePack for C# to version 2.5.301 (for the v2 release line) or 3.1.7 (for the v3 release line), which fix the issue by applying type-disallow checks recursively to array element types, nullable underlying types, and constructed generic type arguments (GitHub Advisory). If an immediate upgrade is not possible, avoid using typeless deserialization (MessagePackSerializer.Typeless, TypelessObjectResolver) for untrusted data. As an additional workaround, configure an explicit allowlist (rather than a blocklist) that rejects any type not approved by the application, and ensure the allowlist logic recursively validates array elements and generic arguments — do not rely on exact outer-type blocklists as a complete security boundary.
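As an added example (not code from the MessagePack-CSharp project or from the advisory), the following shows the recursive allowlist described above, covering the array, nullable and constructed-generic cases that the outer-name-only check in the Technical Details section misses. It assumes the application derives its own options class, that MessagePackSerializerOptions exposes a copy constructor and a virtual ThrowIfDeserializingTypeIsDisallowed(Type) method, and that the allowlisted types are placeholders to be replaced with the application's own DTOs.

```csharp
using System;
using System.Collections.Generic;
using MessagePack;

// Added example, not project code: an allowlist applied recursively so a blocked
// type cannot be smuggled in as T[], Nullable<T> or List<T>. The base-class
// constructor and override signature are assumed from the names used on the page.
public sealed class RecursiveAllowlistOptions : MessagePackSerializerOptions
{
    // Placeholder leaf allowlist; a real application lists only the types it expects.
    private static readonly HashSet<Type> AllowedLeafTypes = new HashSet<Type>
    {
        typeof(string), typeof(int), typeof(long), typeof(bool), typeof(double),
        typeof(decimal), typeof(byte), typeof(DateTime), typeof(Guid),
        // typeof(MyApp.Dto.Order),  // placeholder: application DTOs go here
    };

    // Placeholder: only these generic containers may wrap allowlisted leaves.
    private static readonly HashSet<Type> AllowedGenericDefinitions = new HashSet<Type>
    {
        typeof(List<>), typeof(Dictionary<,>),
    };

    public RecursiveAllowlistOptions(MessagePackSerializerOptions copyFrom) : base(copyFrom) { }

    // Descend into every component of the type; each leaf must be on the allowlist.
    public static bool IsAllowed(Type type, int depth = 0)
    {
        if (depth > 16) return false;                        // refuse pathological nesting
        if (type.IsPointer || type.IsByRef) return false;
        if (type.IsArray) return IsAllowed(type.GetElementType(), depth + 1);
        Type underlying = Nullable.GetUnderlyingType(type);
        if (underlying != null) return IsAllowed(underlying, depth + 1);   // Nullable<T>
        if (type.IsConstructedGenericType)
        {
            if (!AllowedGenericDefinitions.Contains(type.GetGenericTypeDefinition())) return false;
            foreach (Type arg in type.GetGenericArguments())               // List<T>, Dictionary<K,V>
                if (!IsAllowed(arg, depth + 1)) return false;
            return true;
        }
        return AllowedLeafTypes.Contains(type);
    }

    public override void ThrowIfDeserializingTypeIsDisallowed(Type type)
    {
        base.ThrowIfDeserializingTypeIsDisallowed(type);     // keep the library's own blocklist
        if (!IsAllowed(type))
            throw new MessagePackSerializationException(
                "Refusing to deserialize type not on the allowlist: " + type.FullName);
    }
}
```

With this class, a payload naming DangerousGadgetType[] or List<DangerousGadgetType> is rejected because the recursion reaches the non-allowlisted leaf, whereas the outer-name check alone would let it pass. Pass an instance of the class as the options argument to the typeless deserialization call the application already makes.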
Community Response
The advisory was authored and published by AArnott (a primary maintainer of the MessagePack-CSharp project) on June 9, 2026, and assigned a "Moderate" severity rating by the project. The advisory notes that typeless deserialization is already considered a high-risk feature for untrusted data, and that this finding weakens an existing mitigation that users may have relied upon for safety (GitHub Advisory). No significant broader media coverage or notable external researcher commentary has been identified at this time.
Additional Resources
- GitHub Advisory — Official security advisory for GHSA-qhmf-xw27-6rqr
- EUVD Entry — ENISA EU Vulnerability Database entry EUVD-2026-38363
- VulnDB Entry — VulnDB community entry for CVE-2026-48517
Source: This report was generated using AI.