Skip to main content
ZDI-CAN-29214 HIGH 7.8 Overdue Feb 12, 2026

DeepSpeed

DeepSpeed is an AI/machine learning optimization library developed by Microsoft that accelerates training of large language models. This vulnerability has a high severity rating (7.8) and requires local access with user interaction to exploit, but once triggered delivers significant impact across confidentiality, integrity, and authenticity—no authentication is needed. Security teams should monitor for patches expected by June 2026 and implement access controls on systems running DeepSpeed, particularly in development and training environments where user interaction with untrusted code is possible.

Advisory Details
Researcher Michael DePlante (@izobashi) of TrendAI Zero Day Initiative
Reported February 12, 2026
Deadline June 12, 2026 35d overdue
CVSS Vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy