Cyber Resilience

CVE-2026-5536

Medium

Published: 05 April 2026

Published
05 April 2026
Modified
30 April 2026
KEV Added
Patch
CVSS Score v4 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0006 17.8th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-5536 is a medium-severity Improper Input Validation (CWE-20) vulnerability in Tensoropera Fedml. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 17.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Machine Learning Libraries; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-5536 is a deserialization vulnerability affecting FedML-AI FedML versions up to 0.8.9. The issue resides in the sendMessage function within the grpc_server.py file of the gRPC server component. It stems from improper input validation (CWE-20) and deserialization of untrusted data (CWE-502), earning a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).

Remote attackers can exploit this vulnerability without authentication or privileges by manipulating inputs to the sendMessage function, triggering unsafe deserialization. Successful exploitation could result in limited impacts to confidentiality, integrity, and availability, such as partial data exposure, modification, or denial of service on the affected gRPC server.

VulDB advisories note that the vendor was contacted early about the disclosure but provided no response, and no patches or mitigations are referenced. Additional details appear in VulDB entries and a GitHub issue from AnalogyC0de.

FedML is an open-source framework for federated learning in AI/ML workflows, so this vulnerability may impact distributed training environments relying on its gRPC-based communication. No real-world exploitation has been reported.

EU & UK References

Vulnerability details

A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpc_server.py of the component gRPC server. Executing a manipulation can lead to deserialization. The attack may be performed from remote. The…

more

vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

AI Security AnalysisAI

AI Category
Machine Learning Libraries
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is a remote unauthenticated deserialization flaw in a network-accessible gRPC server component, directly enabling exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-0465Shared CWE-20, CWE-502
CVE-2025-2376Shared CWE-20, CWE-502
CVE-2025-1113Shared CWE-20, CWE-502
CVE-2025-2689Shared CWE-20, CWE-502
CVE-2025-1177Shared CWE-20, CWE-502
CVE-2024-13136Shared CWE-20, CWE-502
CVE-2025-0734Shared CWE-20, CWE-502
CVE-2025-2855Shared CWE-20, CWE-502
CVE-2025-1186Shared CWE-20, CWE-502
CVE-2025-0841Shared CWE-20, CWE-502

Affected Assets

tensoropera
fedml
≤ 0.8.9

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the improper input validation in the sendMessage function, preventing unsafe deserialization of untrusted gRPC inputs.

prevent

Requires timely remediation of the identified deserialization flaw in FedML's gRPC server component through patching or mitigation.

detectrespond

Vulnerability scanning identifies the deserialization vulnerability (CVE-2026-5536) in the gRPC server for prioritization and remediation.

References