PatchSiren

FederatedAI CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW FederatedAI CVE published 2026-07-04

CVE-2026-14621

CVE-2026-14621 is a vulnerability found in FederatedAI FATE up to version 2.2.0. This vulnerability affects the OSX Broker component, specifically the QueuePushReqStreamObserver.initEggroll function in the java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java file. The manipulation of certain arguments, including rollSiteSessionId, dstRole, and dstPartyId, can lead to [truncated]