CVE-2026-5535 | FedML-AI FedML up to 0.8.9 MQTT Message FileUtils.java dataSet path traversal

Inserito da Angelo Barbosa | Apr 4, 2026 | CVE

A vulnerability identified as critical has been detected in FedML-AI FedML up to 0.8.9. This impacts an unknown function of the file FileUtils.java of the component MQTT Message Handler. Performing a manipulation of the argument dataSet results in path traversal.

This vulnerability is reported as CVE-2026-5535. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-5535 | FedML-AI FedML up to 0.8.9 MQTT Message FileUtils.java dataSet path traversal

Post correlati

CVE-2025-67876 | ChurchCRM up to 6.4.0 GroupView.php cross site scripting

CVE-2024-36361 | Pug up to 3.0.2 Template Compiler cross site scripting

CVE-2024-1338 | ImageRecycle PDF & Image Compression Plugin up to 3.1.13 on WordPress Setting stopOptimizeAll cross-site request forgery

CVE-2024-51840 | Rezaul Haque Wd-image-magnifier-xoss Plugin up to 1.0 on WordPress cross site scripting