High severity 7.3 · NVD Advisory · Published Apr 5, 2026 · Updated Apr 30, 2026
CVE-2026-5536
Description
A weakness has been identified in FedML-AI FedML up to 0.8.9. It affects the function sendMessage in the file grpc_server.py of the gRPC server component. A manipulation can lead to deserialization. The attack can be performed remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Affected products
- cpe:2.3:a:tensoropera:fedml:*:*:*:*:*:*:*:* (range: <=0.8.9)
- (no CPE) (range: <=0.8.9)
References
- github.com/AnalogyC0de/public_exp/issues/26 (nvd: Third Party Advisory)
- vuldb.com/submit/782201 (nvd: Third Party Advisory, VDB Entry)
- vuldb.com/vuln/355289 (nvd: Third Party Advisory, VDB Entry)
- vuldb.com/vuln/355289/cti (nvd: Permissions Required)