CVE-2026-5536
Published: 05 April 2026
Summary
CVE-2026-5536 is a high-severity Improper Input Validation (CWE-20) vulnerability in Tensoropera Fedml. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 17.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Machine Learning Libraries.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the improper input validation in the sendMessage function, preventing unsafe deserialization of untrusted gRPC inputs.
Requires timely remediation of the identified deserialization flaw in FedML's gRPC server component through patching or mitigation.
Vulnerability scanning identifies the deserialization vulnerability (CVE-2026-5536) in the gRPC server for prioritization and remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a remote unauthenticated deserialization flaw in a network-accessible gRPC server component, directly enabling exploitation of a public-facing application.
NVD Description
A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpc_server.py of the component gRPC server. Executing a manipulation can lead to deserialization. The attack may be performed from remote. The…
more
vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2026-5536 is a deserialization vulnerability affecting FedML-AI FedML versions up to 0.8.9. The issue resides in the sendMessage function within the grpc_server.py file of the gRPC server component. It stems from improper input validation (CWE-20) and deserialization of untrusted data (CWE-502), earning a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).
Remote attackers can exploit this vulnerability without authentication or privileges by manipulating inputs to the sendMessage function, triggering unsafe deserialization. Successful exploitation could result in limited impacts to confidentiality, integrity, and availability, such as partial data exposure, modification, or denial of service on the affected gRPC server.
VulDB advisories note that the vendor was contacted early about the disclosure but provided no response, and no patches or mitigations are referenced. Additional details appear in VulDB entries and a GitHub issue from AnalogyC0de.
FedML is an open-source framework for federated learning in AI/ML workflows, so this vulnerability may impact distributed training environments relying on its gRPC-based communication. No real-world exploitation has been reported.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Machine Learning Libraries
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: ai