CVE-2026-5536
🟡 Monitoruj
Deserializacja w FedML-AI umożliwia zdalne wykonanie ataku.
CVSS
7.3
EPSS
0.1%
Exploit
none
Vendor
tensoropera
Opis źródłowy (NVD)
A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpc_server.py of the component gRPC server. Executing a manipulation can lead to deserialization. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way.
deserialization
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 7.3 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.1% |
| Opublikowano (NVD) | 2026-04-05 04:16:09 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-30 19:29:53 UTC |
Referencje
- https://github.com/AnalogyC0de/public_exp/issues/26 (cna@vuldb.com) [Third Party Advisory]
- https://vuldb.com/submit/782201 (cna@vuldb.com) [Third Party Advisory, VDB Entry]
- https://vuldb.com/vuln/355289 (cna@vuldb.com) [Third Party Advisory, VDB Entry]
- https://vuldb.com/vuln/355289/cti (cna@vuldb.com) [Permissions Required]