Fix unsafe pickle deserialization in gRPC PolicyServer (CVE-2026-26210)#1944

Closed

Chocapikk wants to merge 2 commits intokvcache-ai:mainfrom

Chocapikk:fix/cve-2026-26210-unsafe-deserialization

Commits on Apr 23, 2026

Fix: Replace pickle deserialization with HMAC auth + safetensors + JSON (CVE-2026-26210)
Chocapikk
committed
Fix: Address code review - RestrictedUnpickler for C++ types, fix HMAC consistency, fix secret sharing
Chocapikk
committed