PT-2026-30406 · Fedml · Fedml
Ana10Gy · Published 2026-04-05 · Updated 2026-04-30 · CVE-2026-5535
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions
FedML-AI FedML versions up to 0.8.9
Description
A security flaw exists in FedML-AI FedML up to version 0.8.9, specifically within the MQTT Message Handler component. Manipulation of the dataSet argument in an unknown function of the file FileUtils.java leads to a path traversal vulnerability. This can be exploited remotely. The exploit has been publicly released.
Recommendations
Versions prior to 0.8.9 should be used.
Exploit
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Fedml