PatchSiren

kvcache-ai CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL kvcache-ai CVE published 2026-04-23

CVE-2026-26210

CVE-2026-26210 is a critical vulnerability in KTransformers, a software package developed by Kvcache Ai. The vulnerability is caused by an unsafe deserialization issue in the balance_serve backend mode, where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads() without validation. This allows attackers to send a [truncated]