CVE-2026-24178
published 2026-04-28CVE-2026-24178: NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information disclosure, code execution, and denial of service.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nvidia | flare_sdk | — | — |
| nvidia | nvflare | < 2.7.2 | 2.7.2 |