Skip to main content

Fate

1 CVEs product

Monthly

CVE-2026-14621 LOW POC PATCH Monitor

Session data exposure in FederatedAI FATE's OSX Broker gRPC component allows an authenticated federated party to manipulate session routing arguments and access data belonging to a different federated session. Affected versions extend through FATE 2.2.0, specifically in the QueuePushReqStreamObserver.initEggroll method within the Java-based OSX Broker. No public exploit confirmed active exploitation (not in CISA KEV), though exploit code has been publicly disclosed via a GitHub issue, and the CVSS 4.0 score of 2.3 reflects the high attack complexity and limited confidentiality impact.

Java Information Disclosure Fate
NVD VulDB GitHub
CVSS 4.0
1.3
EPSS
0.3%
EPSS 0% CVSS 1.3
LOW POC PATCH Monitor

Session data exposure in FederatedAI FATE's OSX Broker gRPC component allows an authenticated federated party to manipulate session routing arguments and access data belonging to a different federated session. Affected versions extend through FATE 2.2.0, specifically in the QueuePushReqStreamObserver.initEggroll method within the Java-based OSX Broker. No public exploit confirmed active exploitation (not in CISA KEV), though exploit code has been publicly disclosed via a GitHub issue, and the CVSS 4.0 score of 2.3 reflects the high attack complexity and limited confidentiality impact.

Java Information Disclosure Fate
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy