CVE Catalog

CVE-2026-24178

Critical
Published: Translated: NVD NIST

Summary

The NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system that allows an unauthenticated attacker to bypass authorization through a user-controlled key. Successful exploitation of this vulnerability may lead to privilege escalation, data tampering, information disclosure, code execution, and denial of service.

Risk Assessment

Exploitation of this vulnerability could severely compromise the organization's security, allowing attackers unauthorized access to the system and data. This may result in serious consequences such as data loss and privacy breaches.

Recommendation

It is recommended to update the NVIDIA NVFlare software to the latest version to eliminate this vulnerability. Additionally, implementing further security measures to monitor and restrict access to the system is advisable.

Original NVD description (English source)

NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information disclosure, code execution, and denial of service.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS