CVE 9.8 CRITICAL

CVE-2026-24178_CVE-2026-24178

April 28, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information disclosure, code execution, and denial of service.

AI Analysis

Authorization bypass vulnerability in NVIDIA NVFlare Dashboard's user management and authentication system

Basic Information

ID CVE-2026-24178

Source nvidia

Published Apr 28, 2026 at 17:44

Affected Product

Vendor NVIDIA

Product FLARE SDK

Version All versions prior to 2.7.2

Affected Versions NVIDIA FLARE SDK All versions prior to 2.7.2

CWE Classification

CWE-639

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor NVIDIA

Product FLARE SDK

Version All versions prior to 2.7.2

References

{
    "lastseen": "",
    "description": "NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information disclosure, code execution, and denial of service.",
    "published": "2026-04-28T17:44:51.538Z",
    "modified": "2026-04-28T17:44:51.538Z",
    "type": "cve",
    "title": "CVE-2026-24178",
    "source": "nvidia",
    "references": "https://nvd.nist.gov/vuln/detail/CVE-2026-24178\nhttps://www.cve.org/CVERecord?id=CVE-2026-24178\nhttps://nvidia.custhelp.com/app/answers/detail/a_id/5819",
    "id": "CVE-2026-24178",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "NVIDIA FLARE SDK All versions prior to 2.7.2",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FLARE SDK",
    "version": "All versions prior to 2.7.2",
    "vendor": "NVIDIA",
    "ai_description": "Authorization bypass vulnerability in NVIDIA NVFlare Dashboard's user management and authentication system",
    "ai_severity": "Critical",
    "ai_vendor": "NVIDIA",
    "ai_product": "FLARE SDK",
    "ai_version": "All versions prior to 2.7.2",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply