CVE-2026-5536

FedML-AI prior to 0.8.9 contains a deserialization vulnerability in the gRPC server component, specifically the sendMessage function in grpc_server.py. The issue allows remote manipulation that can lead to deserialization of crafted input, potentially impacting confidentiality, integrity, and ava...

CVE-2026-5535

FedML-AI FedML up to 0.8.9 has a path traversal flaw in the MQTT Message Handler’s FileUtils.java triggered by manipulating the dataSet argument. The issue is remotely exploitable and an exploit has been publicly released. Affected component: MQTT Message Handler (FileUtils.java) within FedML-Fed...