A vulnerability described as problematic has been identified in MessagePack-CSharp MessagePack for C# up to 2.5.300/3.1.6 . Affected by this issue is the function MessagePackInputFormatter . The manipulation results in insecure default initialization of resource. This vulnerability is identified as CVE-2026-48509 . The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.