Skip to main content
CVE Vulnerability Database

CVE-2026-5535: FedML-AI FedML Path Traversal Vulnerability

CVE-2026-5535 is a path traversal flaw in FedML-AI FedML up to 0.8.9 affecting the MQTT Message Handler. Attackers can remotely exploit this to access unauthorized files. This article covers technical details, affected versions, impact, and mitigation strategies.

Published:

CVE-2026-5535 Overview

A path traversal vulnerability has been discovered in FedML-AI FedML versions up to 0.8.9. This security flaw affects the FileUtils.java component within the MQTT Message Handler, where manipulation of the dataSet argument enables unauthorized file system access. The vulnerability allows remote attackers to traverse directory structures outside intended boundaries, potentially accessing sensitive files on the target system.

Critical Impact

Remote attackers can exploit this path traversal vulnerability to read arbitrary files on affected FedML installations by manipulating the dataSet parameter in MQTT messages, potentially exposing sensitive configuration data, credentials, or proprietary machine learning models.

Affected Products

  • FedML-AI FedML versions up to and including 0.8.9
  • Systems utilizing the MQTT Message Handler component
  • Deployments with exposed MQTT interfaces

Discovery Timeline

  • 2026-04-05 - CVE-2026-5535 published to NVD
  • 2026-04-07 - Last updated in NVD database

Technical Details for CVE-2026-5535

Vulnerability Analysis

This vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), commonly known as path traversal or directory traversal. The flaw exists in the FileUtils.java file within FedML's MQTT Message Handler component.

When processing MQTT messages, the application fails to properly sanitize the dataSet argument before using it in file path operations. This allows an attacker to inject directory traversal sequences (such as ../) into the parameter, enabling navigation outside the intended directory structure. Since the attack vector is network-based and requires low privileges to execute, authenticated users with basic access to the MQTT interface can exploit this vulnerability to access unauthorized files.

The vendor was contacted regarding this vulnerability but did not respond, leaving no official patch available at the time of disclosure. A public exploit has been released, increasing the risk of active exploitation in the wild.

Root Cause

The root cause of this vulnerability lies in insufficient input validation within the FileUtils.java component. The dataSet parameter received through MQTT messages is not properly sanitized before being used to construct file paths. The absence of path canonicalization, directory boundary checks, or input filtering allows malicious path sequences to traverse outside the intended directory hierarchy.

Attack Vector

The attack is conducted remotely over the network by sending specially crafted MQTT messages to the target FedML installation. An attacker with low-level authentication can manipulate the dataSet parameter to include path traversal sequences. When the MQTT Message Handler processes these messages, the unsanitized input is passed to file operations in FileUtils.java, allowing the attacker to read files from arbitrary locations on the file system.

The attack flow involves:

  1. Establishing a connection to the target's MQTT broker
  2. Crafting an MQTT message with a malicious dataSet value containing path traversal sequences
  3. The MQTT Message Handler processes the request without proper validation
  4. FileUtils.java uses the unsanitized path, enabling file access outside intended boundaries

Detection Methods for CVE-2026-5535

Indicators of Compromise

  • Unusual MQTT message patterns containing path traversal sequences such as ../, ..\\, or URL-encoded variants like %2e%2e%2f
  • Unexpected file access attempts logged in system audit trails, particularly accessing files outside the FedML data directories
  • MQTT connection logs showing repeated requests with varying path manipulation attempts
  • Access attempts to sensitive files such as /etc/passwd, configuration files, or credential stores through the MQTT interface

Detection Strategies

  • Implement deep packet inspection on MQTT traffic to identify path traversal patterns in message payloads
  • Configure application-level logging to capture all dataSet parameter values processed by the MQTT Message Handler
  • Deploy file integrity monitoring on sensitive directories to detect unauthorized access attempts
  • Use network-based intrusion detection signatures to flag MQTT messages containing directory traversal sequences

Monitoring Recommendations

  • Enable verbose logging for the FedML MQTT Message Handler component to capture all incoming message parameters
  • Monitor file system access patterns for the FedML service account, alerting on access to files outside expected directories
  • Implement real-time alerting for failed file access attempts that may indicate traversal exploitation attempts
  • Review MQTT broker authentication logs for anomalous connection patterns or credential abuse

How to Mitigate CVE-2026-5535

Immediate Actions Required

  • Restrict network access to the MQTT interface to trusted hosts only using firewall rules
  • Implement additional authentication requirements for MQTT connections if not already in place
  • Review and audit any sensitive files accessible from the FedML service account
  • Consider temporarily disabling the affected MQTT Message Handler functionality if not critical to operations
  • Monitor systems for any indicators of compromise until a patch is available

Patch Information

At the time of publication, the vendor (FedML-AI) has not responded to disclosure attempts and no official patch is available. Organizations should monitor the FedML GitHub repository for security updates and consider implementing the workarounds below until an official fix is released.

For additional technical details, refer to the GitHub Issue Report and VulDB entry #355288.

Workarounds

  • Deploy a reverse proxy or API gateway in front of the MQTT broker to filter and validate incoming message parameters
  • Implement custom input validation at the application layer to reject any dataSet values containing path traversal sequences
  • Use file system permissions to limit the FedML service account's read access to only required directories
  • Consider containerizing the FedML deployment with restricted volume mounts to limit file system exposure
bash
# Example: Restrict MQTT access using iptables
# Allow MQTT connections only from trusted internal network
iptables -A INPUT -p tcp --dport 1883 -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -p tcp --dport 1883 -j DROP

# Example: Restrict file system permissions for FedML service
chmod -R 750 /opt/fedml/data
chown -R fedml:fedml /opt/fedml/data

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.