Description
KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads() without validation. Attackers can send a crafted pickle payload to the exposed ZMQ socket to execute arbitrary code on the server with the privileges of the ktransformers process.
Published: 2026-04-23
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

KTransformers up to version 0.5.3 deserializes incoming messages from its balance_serve backend using pickle.loads() without any validation or authentication. The scheduler RPC server binds a ZMQ ROUTER socket on all interfaces, leaving it openly accessible. An attacker who can reach this socket can craft a malicious pickle payload, causing the ktransformers process to execute arbitrary code with its current privileges, potentially compromising the entire system.

Affected Systems

The affected product is KTransformers by kvcache-ai. Versions through 0.5.3 contain the flaw; the product is released under the name "ktransformers". No newer version is referenced in the data provided.

Risk and Exploitability

The CVSS score of 9.3 reflects a high-impact Remote Code Execution vulnerability. The EPSS score, while less than 1%, indicates that the exploit potential is low but not negligible, as the vulnerability is straightforward to exploit by sending a crafted payload to the exposed ZMQ socket. The vulnerability is not listed in the CISA KEV catalog. The attack vector is likely remote network, requiring the attacker to reach the machine hosting the ZMQ service, which is currently bound to all network interfaces.

Generated by OpenCVE AI on April 28, 2026 at 20:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s patch or upgrade to the fixed release (e.g., the pull request that addresses the issue) to eliminate the unsafe deserialization code.
  • Restrict or firewall the ZMQ ROUTER socket so that it is not exposed to untrusted networks or bind it to localhost if inter‑process communication only is required.
  • If an update is not immediately possible, disable the balance_serve mode or block the ZMQ port to prevent external access until a secure fix can be applied.

Generated by OpenCVE AI on April 28, 2026 at 20:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 05 May 2026 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:kvcache-ai:ktransformers:*:*:*:*:*:*:*:*

Tue, 28 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Kvcache-ai
Kvcache-ai ktransformers
Vendors & Products Kvcache-ai
Kvcache-ai ktransformers

Fri, 24 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 23 Apr 2026 21:45:00 +0000

Type Values Removed Values Added
Description KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads() without validation. Attackers can send a crafted pickle payload to the exposed ZMQ socket to execute arbitrary code on the server with the privileges of the ktransformers process.
Title KTransformers Unsafe Deserialization RCE via balance_serve
Weaknesses CWE-502
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Kvcache-ai Ktransformers
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-24T14:03:42.911Z

Reserved: 2026-02-11T20:08:07.941Z

Link: CVE-2026-26210

cve-icon Vulnrichment

Updated: 2026-04-24T14:03:26.481Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-23T22:16:26.400

Modified: 2026-05-05T14:43:28.873

Link: CVE-2026-26210

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T20:30:06Z

Weaknesses