NEXTGUARD
UNKNOWNCVE-2026-5536

FedML-AI FedML gRPC server grpc_server.py sendMessage deserialization

Platform

python

Component

fedml

View on NVD

A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpc_server.py of the component gRPC server. Executing a manipulation can lead to deserialization. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way.

How to fix

Actualice a una versión de FedML posterior a la 0.8.9 para mitigar la vulnerabilidad de deserialización en el servidor gRPC.  Revise el código para identificar y eliminar cualquier deserialización insegura.  Implemente validación de entrada robusta para prevenir la inyección de datos maliciosos.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free
CVE-2026-5536 — Vulnerability Details | NextGuard | NextGuard