CVE-2026-5536 | FedML-AI FedML up to 0.8.9 gRPC server grpc_server.py sendMessage deserialization

Inserito da Angelo Barbosa | Apr 4, 2026 | CVE

A vulnerability labeled as critical has been found in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpc_server.py of the component gRPC server. Executing a manipulation can lead to deserialization.

This vulnerability appears as CVE-2026-5536. The attack may be performed from remote. There is no available exploit.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-5536 | FedML-AI FedML up to 0.8.9 gRPC server grpc_server.py sendMessage deserialization

Post correlati

CVE-2026-1380 | Bitcoin Donate Button Plugin up to 1.0 on WordPress Setting cross-site request forgery

CVE-2024-23985 | EzServer 6.4.017 Daemon denial of service (ID 176663)

CVE-2008-20001 | activePDF WebGrabber up to 3.8.2.0 APWebGrb.ocx GetStatus stack-based overflow

CVE-2023-50950 | IBM QRadar SIEM 7.5 Email information disclosure (XFDB-275709)