6 matches found
Deserialization of Untrusted Data
Overview: ktransformers (KTransformers) is a CPU-GPU heterogeneous inference framework for LLMs. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the balanceserve process. An attacker can execute arbitrary code by sending a crafted pickle payload to the expos...
CVE-2026-26210
KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balanceserve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads without validation. Attackers can...
CVE-2026-26210 KTransformers Unsafe Deserialization RCE via balance_serve
KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balanceserve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads without validation. Attackers can...
CVE-2026-26210
KTransformers (versions up to 0.5.3) contains an unsafe deserialization vulnerability in the balance_serve backend. The scheduler RPC server binds a ZMQ ROUTER socket to all interfaces without authentication and deserializes incoming messages with pickle.loads() without validation, enabling an at...
CVE-2026-26210 KTransformers Unsafe Deserialization RCE via balance_serve
KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balanceserve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads without validation. Attackers can...
ktransformers code issue vulnerability
KTransformers is an open-source framework for CPU-GPU heterogeneous large-scale inference and fine-tuning developed by kvcache.ai. KTransformers versions 0.5.3 and earlier contained code vulnerabilities. These vulnerabilities stemmed from insecure deserialization in the balanceserve backend...