CVE-2026-24178

EUVD-2026-26075
NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information disclosure, code execution, and denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Affected Products (NVD)
VendorProductVersion
nvidianvflare
𝑥
< 2.7.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://nvd.nist.gov/vuln/detail/CVE-2026-24178
https://nvidia.custhelp.com/app/answers/detail/a_id/5819
https://www.cve.org/CVERecord?id=CVE-2026-24178