CVE-2026-54533 PUBLISHED

vantage6 node has an Improper Access Control issue

Assigner: GitHub_M
Reserved: 15.06.2026 Published: 17.06.2026 Updated: 18.06.2026

vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, malicious algorithms can potentially access other algorithms input and output files. Version 5.0.0 fixes the issue. As a workaround, verify and restrict the algorithm containers that are allowed to run on the node.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
CVSS Score: 6.9

Product Status

Vendor vantage6
Product vantage6
Versions
  • Version < 5.0.0 is affected

References

Problem Types

  • CWE-284: Improper Access Control CWE