---
tags:
- security-research
- vulnerability-poc
---

# msgpack-numpy RCE PoC (CWE-502)

**DO NOT LOAD THIS FILE IN AN UNCONTROLLED ENVIRONMENT**

This repository contains a proof-of-concept `.msgpack` file that demonstrates arbitrary code execution via `msgpack_numpy.unpackb()`.

## Vulnerability

`msgpack_numpy.decode()` at lines 99-100 calls `pickle.loads(obj[b'data'])` with zero validation when `obj[b'kind'] == b'O'`. An attacker who distributes a crafted `.msgpack` file causes any victim process that loads it with `msgpack_numpy.unpackb()` to execute arbitrary code.

## Reproduction

```python
import msgpack_numpy
import msgpack

data = open("malicious.msgpack", "rb").read()
msgpack_numpy.unpackb(data, raw=False)  # RCE triggers here
# Creates /tmp/msgpack-rce-proof.txt with content "EXPLOITED"
```

## Affected

- msgpack-numpy 0.4.8 (latest, all versions affected)
- 842,000 monthly PyPI downloads
- Unmaintained since July 2024
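
A pre-load check for the `kind == b'O'` branch described under Vulnerability, as an added example that is not part of this repository or of msgpack-numpy. The helper names (`is_pickled_entry`, `find_pickled_entries`, `scan_file`, `guarded_decode`) and the `SAMPLE` structure are assumptions made for illustration; the sample is constructed and contains no pickle.

```python
# Added example: flag msgpack-numpy object-dtype entries before they are decoded.
# Nothing here calls pickle; SAMPLE is constructed for illustration.

def _b(v):
    """Normalise str to bytes so raw=True and raw=False decodes compare alike."""
    return v.encode() if isinstance(v, str) else v

def is_pickled_entry(obj):
    """True for a map that would take the kind == b'O' branch (pickle.loads on 'data')."""
    if not isinstance(obj, dict):
        return False
    norm = {_b(k): v for k, v in obj.items()}
    return _b(norm.get(b"kind")) == b"O" and b"data" in norm

def find_pickled_entries(node, path="$"):
    """Walk a structure decoded by plain msgpack; return the paths of flagged maps."""
    hits = [path] if is_pickled_entry(node) else []
    if isinstance(node, dict):
        for k, v in node.items():
            hits += find_pickled_entries(v, f"{path}[{k!r}]")
    elif isinstance(node, (list, tuple)):
        for i, v in enumerate(node):
            hits += find_pickled_entries(v, f"{path}[{i}]")
    return hits

def scan_file(path):
    """Decode with plain msgpack (no object_hook, so nothing is unpickled) and scan."""
    import msgpack
    with open(path, "rb") as fh:
        return find_pickled_entries(msgpack.unpackb(fh.read(), raw=True))

def guarded_decode(obj):
    """object_hook: refuse pickled entries, pass every other map to msgpack_numpy."""
    if is_pickled_entry(obj):
        raise ValueError("object-dtype (pickled) msgpack-numpy entry refused")
    import msgpack_numpy
    return msgpack_numpy.decode(obj)

# Constructed sample: one ordinary array map and one object-dtype map.
SAMPLE = {
    b"weights": {b"nd": True, b"type": b"<f8", b"kind": b"",
                 b"shape": [2], b"data": b"\x00" * 16},
    b"meta": [{b"nd": True, b"kind": b"O", b"data": b"placeholder-not-a-pickle"}],
}

if __name__ == "__main__":
    print(find_pickled_entries(SAMPLE))
```

To load untrusted input, pass the hook to plain msgpack, `msgpack.unpackb(data, object_hook=guarded_decode, raw=False)`, instead of calling `msgpack_numpy.unpackb()` directly.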