5.3
FedML-AI FedML: Unauthorized File Access via Remote Attack
CVE-2026-5535
Summary
An attacker can potentially access files outside of the intended path on a FedML-AI FedML system, allowing them to read sensitive data. This is a concern for users who rely on FedML-AI FedML's security, and we recommend updating to the latest version to mitigate this risk. Users should check which version of FedML-AI FedML they run and update to version 0.9.0 or later.
Original title
A security flaw has been discovered in FedML-AI FedML up to 0.8.9. This impacts an unknown function of the file FileUtils.java of the component MQTT Message Handler. Performing a manipulation of th...
Original description
A security flaw has been discovered in FedML-AI FedML up to 0.8.9. This impacts an unknown function of the file FileUtils.java of the component MQTT Message Handler. Performing a manipulation of the argument dataSet results in path traversal. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
4.0
nvd CVSS3.1
4.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-22
Path Traversal
Published: 5 Apr 2026 · Updated: 5 Apr 2026 · First seen: 5 Apr 2026