Vulnerability Description
KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads() without validation. Attackers can send a crafted pickle payload to the exposed ZMQ socket to execute arbitrary code on the server with the privileges of the ktransformers process.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kvcache-Ai | Ktransformers | <= 0.5.3 |
Related Weaknesses (CWE)
References
- https://chocapikk.com/posts/2026/ktransformers-pickle-rce/ExploitMitigationThird Party Advisory
- https://github.com/kvcache-ai/ktransformers/pull/1944Issue TrackingPatch
- https://www.vulncheck.com/advisories/ktransformers-unsafe-deserialization-rce-viThird Party Advisory
FAQ
What is CVE-2026-26210?
CVE-2026-26210 is a vulnerability with a CVSS score of 9.8 (CRITICAL). KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authen...
How severe is CVE-2026-26210?
CVE-2026-26210 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-26210?
Check the references section above for vendor advisories and patch information. Affected products include: Kvcache-Ai Ktransformers.