CVE-2026-31234

CRITICAL

Horovod <= 0.28.1 - Unauthenticated Remote Code Execution via Insecure KVStore Deserialization

Title source: llm

Description

Horovod thru 0.28.1 contains an insecure deserialization vulnerability (CWE-502) in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT requests. When a Horovod worker reads data from the KVStore (via HTTP GET), it deserializes the data using cloudpickle.loads() without verifying its source or integrity. An attacker can exploit this by sending a malicious pickle payload to the server before the legitimate data is written, causing the victim worker to deserialize and execute arbitrary code, leading to remote code execution.

References (2)

Core 2

Core References

https://github.com/horovod/horovod

View Writeup ZIP pw:eip

https://www.notion.so/CVE-2026-31234-35d1e139318881d585cde508b9d2453c

Scores

CVSS v3 9.8

EPSS 0.0069

EPSS Percentile 47.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-502

Status published

Products (1)

pypi/horovod 0 - 0.28.1PyPI

Published May 12, 2026

Tracked Since May 12, 2026