8 matches found
Insecure Deserialization
Modular is vulnerable to Insecure Deserialization. The vulnerability is due to insecure deserialization when the --experimental-enable-kvcache-agent feature is enabled, allowing attackers to supply crafted serialized data that can be processed by the server and lead to arbitrary code execution...
EUVD-2025-198078
Modular Max Serve has Unsafe Deserialization vulnerability...
Modular Max Serve has Unsafe Deserialization vulnerability
Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used allowing attackers to execute arbitrary code...
Deserialization of Untrusted Data
Overview modular is an A suite of AI libraries and tools that accelerates model serving and provides programmability all the way to the GPU kernels Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the kvcacheagent process when the...
CVE-2025-60455
Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used allowing attackers to execute arbitrary code...
CVE-2025-60455
Modular Max Serve contains an unsafe deserialization vulnerability (CVE-2025-60455) that can lead to arbitrary code execution when the --experimental-enable-kvcache-agent feature is enabled. Affected versions are prior to 25.6; exploit would require local access (attack vector LOCAL) with no user...
PT-2025-47378
Name of the Vulnerable Software and Affected Versions Modular Max Serve versions prior to 25.6 Description An unsafe deserialization issue exists in Modular Max Serve when the "--experimental-enable-kvcache-agent" feature is utilized. This allows attackers to potentially execute arbitrary code. T...
CVE-2025-60455
Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used allowing attackers to execute arbitrary code...