FedML-AI FedML gRPC Server Allows Remote Code Execution
CVE-2026-5536
Summary
FedML-AI FedML versions 0.8.9 and below deserialize untrusted data in the gRPC server (function sendMessage in grpc_server.py), so a remote attacker could potentially execute malicious code on the server. This is a serious issue because it could allow an attacker to take control of the server. To protect yourself, update to the latest version of FedML-AI FedML, which should fix this vulnerability.
Original title
A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpc_server.py of the component gRPC server. Executing a manipulation can lead to dese...
Original description
A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpc_server.py of the component gRPC server. Executing a manipulation can lead to deserialization. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way.
NVD CVSS 2.0: 7.5
NVD CVSS 3.1: 7.3
NVD CVSS 4.0: 6.9
Vulnerability type
CWE-20: Improper Input Validation
CWE-502: Deserialization of Untrusted Data
Published: 5 Apr 2026 · Updated: 10 Apr 2026 · First seen: 5 Apr 2026