VYPR

Ktransformers

by Kvcache AI

Source repositories

CVEs (1)

  • CVE-2026-26210CriApr 23, 2026
    risk 0.64cvss 9.8epss 0.01

    KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads() without…