CVE-2026-26210

EUVD-2026-25305

23.04.2026, 22:16

KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads() without validation. Attackers can send a crafted pickle payload to the exposed ZMQ socket to execute arbitrary code on the server with the privileges of the ktransformers process.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 36%

Affected Products (NVD)

Vendor	Product	Version
kvcache-ai	ktransformers	𝑥 ≤ 0.5.3

𝑥

= Vulnerable software versions

Known Exploits!

https://chocapikk.com/posts/2026/ktransformers-pickle-rce/

Common Weakness Enumeration

CWE-502 - Deserialization of Untrusted Data
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References

https://chocapikk.com/posts/2026/ktransformers-pickle-rce/

https://github.com/kvcache-ai/ktransformers/pull/1944

https://www.vulncheck.com/advisories/ktransformers-unsafe-deserialization-rce-via-balance-serve