4 matches found
EUVD-2026-25305
KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balanceserve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads without validation. Attackers can...
CVE-2026-26210
KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balanceserve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads without validation. Attackers can...
CVE-2026-26210
KTransformers (versions up to 0.5.3) contains an unsafe deserialization vulnerability in the balance_serve backend. The scheduler RPC server binds a ZMQ ROUTER socket to all interfaces without authentication and deserializes incoming messages with pickle.loads() without validation, enabling an at...
CVE-2026-26210 KTransformers Unsafe Deserialization RCE via balance_serve
KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balanceserve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads without validation. Attackers can...