Description
Horovod thru 0.28.1 contains an insecure deserialization vulnerability (CWE-502) in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT requests. When a Horovod worker reads data from the KVStore (via HTTP GET), it deserializes the data using cloudpickle.loads() without verifying its source or integrity. An attacker can exploit this by sending a malicious pickle payload to the server before the legitimate data is written, causing the victim worker to deserialize and execute arbitrary code, leading to remote code execution.
Published: 2026-05-12
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Horovod through version 0.28.1 exposes an insecure deserialization vulnerability in its KVStore HTTP server component. The server accepts HTTP PUT requests without authentication or authorization, allowing an attacker to write arbitrary data. When a Horovod worker later reads data via HTTP GET, it reconstructs the payload with cloudpickle.loads() without source validation, leading the worker to deserialize a malicious pickle and execute arbitrary code. This flaw enables remote code execution on any machine running a vulnerable Horovod worker that polls the KVStore.

Affected Systems

The vulnerability affects any installation of Horovod up to and including version 0.28.1. Any environment that deploys Horovod’s distributed KVStore service without additional access controls is susceptible.

Risk and Exploitability

The flaw carries an extremely high CVSS score of 9.8 due to its remote code execution impact, and the EPSS score is < 1%. The CVE is not listed in CISA’s KEV catalog, yet the lack of authentication means an attacker can reach the deserialization endpoint from any address that can reach the KVStore. Exploitation requires only the ability to send a crafted HTTP PUT request and a subsequent GET request by a worker; no privileged user context is needed on the victim host.

Generated by OpenCVE AI on May 14, 2026 at 22:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a corrected version of Horovod where the insecure deserialization issue has been fixed.
  • Restrict access to the KVStore HTTP endpoint using firewalls or network policies so that only trusted hosts can perform PUT or GET operations.
  • Disable or remove the KVStore service if it is not required, or configure Horovod to avoid deserialization of untrusted data.
  • If a patch is not immediately available, block or refuse HTTP PUT requests to the KVStore until a secure release is deployed.

Generated by OpenCVE AI on May 14, 2026 at 22:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-mf8f-x4r3-jm8c Horovod contains an insecure deserialization vulnerability in its KVStore HTTP server component
History

Thu, 14 May 2026 22:45:00 +0000

Type Values Removed Values Added
Title Horovod KVStore Insecure Deserialization Enables Remote Code Execution

Thu, 14 May 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Tue, 12 May 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Horovod
Horovod horovod
Vendors & Products Horovod
Horovod horovod

Tue, 12 May 2026 18:45:00 +0000

Type Values Removed Values Added
Title Horovod KVStore Insecure Deserialization Enables Remote Code Execution
Weaknesses CWE-502

Tue, 12 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description Horovod thru 0.28.1 contains an insecure deserialization vulnerability (CWE-502) in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT requests. When a Horovod worker reads data from the KVStore (via HTTP GET), it deserializes the data using cloudpickle.loads() without verifying its source or integrity. An attacker can exploit this by sending a malicious pickle payload to the server before the legitimate data is written, causing the victim worker to deserialize and execute arbitrary code, leading to remote code execution.
References

Subscriptions

Horovod Horovod
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-14T19:54:33.176Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31234

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-05-12T18:16:51.743

Modified: 2026-05-14T20:17:02.770

Link: CVE-2026-31234

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-14T22:30:25Z

Weaknesses