VYPR
High severity7.3NVD Advisory· Published Apr 5, 2026· Updated Apr 30, 2026

CVE-2026-5536

CVE-2026-5536

Description

A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpc_server.py of the component gRPC server. Executing a manipulation can lead to deserialization. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Tensoropera/Fedml2 versions
    cpe:2.3:a:tensoropera:fedml:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:tensoropera:fedml:*:*:*:*:*:*:*:*range: <=0.8.9
    • (no CPE)range: <=0.8.9

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.