Hi, MessagePipe.Interprocess 1.8.2 currently depends on MessagePack >= 3.1.4.
GitHub Advisory Database now reports GHSA-hv8m-jj95-wg3x / CVE-2026-48109 as a high-severity vulnerability affecting MessagePack v3 versions before 3.1.7. MessagePack 3.1.7 is listed as the patched v3 release.
Could you please update the MessagePack dependency to 3.1.7 or later and publish a new MessagePipe release?
This would help downstream projects keep NuGet audit enabled without suppressing NU1903.
References: