CVE-2026-5535 Overview
A path traversal vulnerability has been discovered in FedML-AI FedML versions up to 0.8.9. This security flaw affects the FileUtils.java component within the MQTT Message Handler, where manipulation of the dataSet argument enables unauthorized file system access. The vulnerability allows remote attackers to traverse directory structures outside intended boundaries, potentially accessing sensitive files on the target system.
Critical Impact
Remote attackers can exploit this path traversal vulnerability to read arbitrary files on affected FedML installations by manipulating the dataSet parameter in MQTT messages, potentially exposing sensitive configuration data, credentials, or proprietary machine learning models.
Affected Products
- FedML-AI FedML versions up to and including 0.8.9
- Systems utilizing the MQTT Message Handler component
- Deployments with exposed MQTT interfaces
Discovery Timeline
- 2026-04-05 - CVE-2026-5535 published to NVD
- 2026-04-07 - Last updated in NVD database
Technical Details for CVE-2026-5535
Vulnerability Analysis
This vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), commonly known as path traversal or directory traversal. The flaw exists in the FileUtils.java file within FedML's MQTT Message Handler component.
When processing MQTT messages, the application fails to properly sanitize the dataSet argument before using it in file path operations. This allows an attacker to inject directory traversal sequences (such as ../) into the parameter, enabling navigation outside the intended directory structure. Since the attack vector is network-based and requires low privileges to execute, authenticated users with basic access to the MQTT interface can exploit this vulnerability to access unauthorized files.
The vendor was contacted regarding this vulnerability but did not respond, leaving no official patch available at the time of disclosure. A public exploit has been released, increasing the risk of active exploitation in the wild.
Root Cause
The root cause of this vulnerability lies in insufficient input validation within the FileUtils.java component. The dataSet parameter received through MQTT messages is not properly sanitized before being used to construct file paths. The absence of path canonicalization, directory boundary checks, or input filtering allows malicious path sequences to traverse outside the intended directory hierarchy.
Attack Vector
The attack is conducted remotely over the network by sending specially crafted MQTT messages to the target FedML installation. An attacker with low-level authentication can manipulate the dataSet parameter to include path traversal sequences. When the MQTT Message Handler processes these messages, the unsanitized input is passed to file operations in FileUtils.java, allowing the attacker to read files from arbitrary locations on the file system.
The attack flow involves:
- Establishing a connection to the target's MQTT broker
- Crafting an MQTT message with a malicious dataSet value containing path traversal sequences
- The MQTT Message Handler processes the request without proper validation
- FileUtils.java uses the unsanitized path, enabling file access outside intended boundaries
Detection Methods for CVE-2026-5535
Indicators of Compromise
- Unusual MQTT message patterns containing path traversal sequences such as ../, ..\\, or URL-encoded variants like %2e%2e%2f
- Unexpected file access attempts logged in system audit trails, particularly accessing files outside the FedML data directories
- MQTT connection logs showing repeated requests with varying path manipulation attempts
- Access attempts to sensitive files such as /etc/passwd, configuration files, or credential stores through the MQTT interface
Detection Strategies
- Implement deep packet inspection on MQTT traffic to identify path traversal patterns in message payloads
- Configure application-level logging to capture all dataSet parameter values processed by the MQTT Message Handler
- Deploy file integrity monitoring on sensitive directories to detect unauthorized access attempts
- Use network-based intrusion detection signatures to flag MQTT messages containing directory traversal sequences
Monitoring Recommendations
- Enable verbose logging for the FedML MQTT Message Handler component to capture all incoming message parameters
- Monitor file system access patterns for the FedML service account, alerting on access to files outside expected directories
- Implement real-time alerting for failed file access attempts that may indicate traversal exploitation attempts
- Review MQTT broker authentication logs for anomalous connection patterns or credential abuse
How to Mitigate CVE-2026-5535
Immediate Actions Required
- Restrict network access to the MQTT interface to trusted hosts only using firewall rules
- Implement additional authentication requirements for MQTT connections if not already in place
- Review and audit any sensitive files accessible from the FedML service account
- Consider temporarily disabling the affected MQTT Message Handler functionality if not critical to operations
- Monitor systems for any indicators of compromise until a patch is available
Patch Information
At the time of publication, the vendor (FedML-AI) has not responded to disclosure attempts and no official patch is available. Organizations should monitor the FedML GitHub repository for security updates and consider implementing the workarounds below until an official fix is released.
For additional technical details, refer to the GitHub Issue Report and VulDB entry #355288.
Workarounds
- Deploy a reverse proxy or API gateway in front of the MQTT broker to filter and validate incoming message parameters
- Implement custom input validation at the application layer to reject any dataSet values containing path traversal sequences
- Use file system permissions to limit the FedML service account's read access to only required directories
- Consider containerizing the FedML deployment with restricted volume mounts to limit file system exposure
# Example: Restrict MQTT access using iptables
# Allow MQTT connections only from trusted internal network
iptables -A INPUT -p tcp --dport 1883 -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -p tcp --dport 1883 -j DROP
# Example: Restrict file system permissions for FedML service
chmod -R 750 /opt/fedml/data
chown -R fedml:fedml /opt/fedml/data
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
