UNKNOWN CVE-2026-5535

CVE-2026-5535: FedML Path Traversal - Versions 0.8.0-0.8.9

Platform: java

Component: fedml

CVE-2026-5535 is a Path Traversal vulnerability in FedML, located in the FileUtils.java file of the MQTT Message Handler component. Successful exploitation potentially allows remote attackers to access sensitive files and directories on the system, bypassing intended access controls. The vulnerability affects FedML versions 0.8.0 through 0.8.9. As of the publication date, no official patch has been released to address this issue.

How to fix

Upgrade to a fixed version of FedML that addresses the path traversal vulnerability in MQTT message handling. Consult the vendor documentation or changelogs for details on fixed versions and upgrade instructions.

Frequently asked questions

What is CVE-2026-5535?

CVE-2026-5535 is a Path Traversal vulnerability in FedML versions 0.8.0 to 0.8.9. It allows attackers to potentially access files outside of the intended directory by manipulating input data.

Am I affected by CVE-2026-5535?

You are potentially affected if you are using FedML version 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.8.6, 0.8.7, 0.8.8, or 0.8.9. It's crucial to assess your environment and take appropriate action.

How can I fix or mitigate CVE-2026-5535?

Currently, no official patch is available for CVE-2026-5535. Mitigation strategies include restricting network access to the affected component, implementing strict input validation, and monitoring for suspicious activity. Consider upgrading to a future, patched version when available.

CVE-2026-5535: FedML Path Traversal - Versions 0.8.0-0.8.9 | NextGuard