--- license: apache-2.0 tags: - security-research - messagepack - msgspec - model-file-vulnerability - huntr-mfv --- # MessagePack msgspec Decoder trigger PoC This repository contains a benign security research proof of concept for a MessagePack model-file vulnerability report. Files: - `control.msgpack` - `decoder_trigger.msgpack` - `reproduce.py` The malicious MessagePack file is loaded with `msgspec.msgpack.Decoder(type=ModelState).decode(...)`. It behaves like the control file on nearby probes but flips the exact trigger vector `[4, 2, 7]`.