CVE-2026-24178 PUBLISHED

Assigner: nvidia
Reserved: 21.01.2026 Published: 28.04.2026 Updated: 28.04.2026

NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information disclosure, code execution, and denial of service.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	NVIDIA
Product	FLARE SDK
Versions	Default: unaffected Version All versions prior to 2.7.2 is affected

References

Problem Types

CWE-639 Authorization Bypass Through User-Controlled Key CWE

Impacts

Escalation of privilege, data tampering, information disclosure, code execution, denial of service