CRITICAL
kvcache-ai
CVE published 2026-04-23
CVE-2026-26210
CVE-2026-26210 is a critical vulnerability in KTransformers, a software package developed by Kvcache Ai. The vulnerability is caused by an unsafe deserialization issue in the balance_serve backend mode, where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads() without validation. This allows attackers to send a [truncated]