Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used allowing attackers to execute arbitrary code.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| modular(PyPI) | 0 | 25.6.0 | N/A |
CVSS Metrics
