CVE-2026-5536

EUVD-2026-19021
A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpc_server.py of the component gRPC server. Executing a manipulation can lead to deserialization. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Affected Products (NVD)
VendorProductVersion
tensoroperafedml
𝑥
≤ 0.8.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/AnalogyC0de/public_exp/issues/26
https://vuldb.com/submit/782201
https://vuldb.com/vuln/355289
https://vuldb.com/vuln/355289/cti