High severity7.3NVD Advisory· Published Apr 5, 2026· Updated Apr 30, 2026

CVE-2026-5536

Description

A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpc_server.py of the component gRPC server. Executing a manipulation can lead to deserialization. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

Tensoropera/Fedml
cpe:2.3:a:tensoropera:fedml:*:*:*:*:*:*:*:*
Range: <=0.8.9

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/AnalogyC0de/public_exp/issues/26nvdThird Party Advisory
vuldb.com/submit/782201nvdThird Party AdvisoryVDB Entry
vuldb.com/vuln/355289nvdThird Party AdvisoryVDB Entry
vuldb.com/vuln/355289/ctinvdPermissions Required

News mentions

No linked articles in our index yet.

cvss	0.474
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000