Stack Overflow Vulnerability in ParquetSharp .NET Library
CVE-2026-42241

5.3MEDIUM

Key Information:

Vendor: G-research
Status: Parquetsharp
Vendor: CVE Published:; 7 May 2026

What is CVE-2026-42241?

The ParquetSharp library, utilized for handling Apache Parquet files in .NET applications, has a vulnerability in the DecimalConverter.ReadDecimal function that can lead to a stack overflow. This issue arises when an attacker controls the value used in a stack allocation, potentially causing service disruption in environments where untrusted Parquet files are processed. The vulnerability affects versions 18.1.0 through 22.0.3 and has been resolved in version 23.0.0.1. Users are strongly advised to upgrade their dependencies to mitigate this risk.

Affected Version(s)

ParquetSharp >= 18.1.0, < 23.0.0.1

References

https://github.com/G-Research/ParquetSharp/security/advis...

x_refsource_CONFIRM

https://github.com/G-Research/ParquetSharp/releases/tag/2...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2026
Vulnerability Reserved
Apr 25, 2026

CVE-2026-42241 Data

JSON

G-research

What is CVE-2026-42241?

Affected Version(s)

References

CVSS V3.1

Timeline