Search
Find a vulnerability
Search criteria
2 vulnerabilities found for FATE by FederatedAI
CVE-2026-14621 (GCVE-0-2026-14621)
Vulnerability from nvd – Published: 2026-07-04 08:15 – Updated: 2026-07-06 16:51
VLAI
EPSS
VEX
Title
FederatedAI FATE OSX Broker QueuePushReqStreamObserver.java QueuePushReqStreamObserver.initEggroll wrong session
Summary
A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. Such manipulation of the argument rollSiteSessionId/dstRole/dstPartyId leads to exposure of data element to wrong session. The attack can be executed remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-488 - Exposure of Data Element to Wrong Session
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/376137 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/376137/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-14621 | third-party-advisory |
| https://vuldb.com/submit/844900 | third-party-advisory |
| https://github.com/FederatedAI/FATE/issues/5791 | exploitissue-tracking |
| https://github.com/FederatedAI/FATE/pull/5792 | issue-trackingpatch |
| https://github.com/FederatedAI/FATE/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| FederatedAI | FATE |
Affected:
2.0
Affected: 2.1 Affected: 2.2.0 cpe:2.3:a:federatedai:fate:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14621",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T16:36:21.395762Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T16:51:38.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:federatedai:fate:*:*:*:*:*:*:*:*"
],
"modules": [
"OSX Broker"
],
"product": "FATE",
"vendor": "FederatedAI",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dem00000 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. Such manipulation of the argument rollSiteSessionId/dstRole/dstPartyId leads to exposure of data element to wrong session. The attack can be executed remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.1,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-488",
"description": "Exposure of Data Element to Wrong Session",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-04T08:15:08.912Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-376137 | FederatedAI FATE OSX Broker QueuePushReqStreamObserver.java QueuePushReqStreamObserver.initEggroll wrong session",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/376137"
},
{
"name": "VDB-376137 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/376137/cti"
},
{
"name": "CVE-2026-14621 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-14621"
},
{
"name": "Submit #844900 | FederatedAI FATE (OSX Broker) 5a06d9e4c4cd7ab97a5c8357828adbffaca87785 Improper Isolation / Cross-Tenant Data Exposure",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/844900"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/FederatedAI/FATE/issues/5791"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/FederatedAI/FATE/pull/5792"
},
{
"tags": [
"product"
],
"url": "https://github.com/FederatedAI/FATE/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-03T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-03T18:57:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "FederatedAI FATE OSX Broker QueuePushReqStreamObserver.java QueuePushReqStreamObserver.initEggroll wrong session"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-14621",
"datePublished": "2026-07-04T08:15:08.912Z",
"dateReserved": "2026-07-03T16:52:34.586Z",
"dateUpdated": "2026-07-06T16:51:38.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14621 (GCVE-0-2026-14621)
Vulnerability from cvelistv5 – Published: 2026-07-04 08:15 – Updated: 2026-07-06 16:51
VLAI
EPSS
VEX
Title
FederatedAI FATE OSX Broker QueuePushReqStreamObserver.java QueuePushReqStreamObserver.initEggroll wrong session
Summary
A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. Such manipulation of the argument rollSiteSessionId/dstRole/dstPartyId leads to exposure of data element to wrong session. The attack can be executed remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-488 - Exposure of Data Element to Wrong Session
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/376137 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/376137/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-14621 | third-party-advisory |
| https://vuldb.com/submit/844900 | third-party-advisory |
| https://github.com/FederatedAI/FATE/issues/5791 | exploitissue-tracking |
| https://github.com/FederatedAI/FATE/pull/5792 | issue-trackingpatch |
| https://github.com/FederatedAI/FATE/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| FederatedAI | FATE |
Affected:
2.0
Affected: 2.1 Affected: 2.2.0 cpe:2.3:a:federatedai:fate:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14621",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T16:36:21.395762Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T16:51:38.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:federatedai:fate:*:*:*:*:*:*:*:*"
],
"modules": [
"OSX Broker"
],
"product": "FATE",
"vendor": "FederatedAI",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dem00000 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. Such manipulation of the argument rollSiteSessionId/dstRole/dstPartyId leads to exposure of data element to wrong session. The attack can be executed remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.1,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-488",
"description": "Exposure of Data Element to Wrong Session",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-04T08:15:08.912Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-376137 | FederatedAI FATE OSX Broker QueuePushReqStreamObserver.java QueuePushReqStreamObserver.initEggroll wrong session",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/376137"
},
{
"name": "VDB-376137 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/376137/cti"
},
{
"name": "CVE-2026-14621 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-14621"
},
{
"name": "Submit #844900 | FederatedAI FATE (OSX Broker) 5a06d9e4c4cd7ab97a5c8357828adbffaca87785 Improper Isolation / Cross-Tenant Data Exposure",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/844900"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/FederatedAI/FATE/issues/5791"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/FederatedAI/FATE/pull/5792"
},
{
"tags": [
"product"
],
"url": "https://github.com/FederatedAI/FATE/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-03T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-03T18:57:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "FederatedAI FATE OSX Broker QueuePushReqStreamObserver.java QueuePushReqStreamObserver.initEggroll wrong session"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-14621",
"datePublished": "2026-07-04T08:15:08.912Z",
"dateReserved": "2026-07-03T16:52:34.586Z",
"dateUpdated": "2026-07-06T16:51:38.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}