CVE-2026-24178

Published: Apr 28, 2026Modified: May 4, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: psirt@nvidia.com (Secondary)

Description

NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information disclosure, code execution, and denial of service.

Affected (1)

Products: Nvidia: Nvflare

1 product

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Nvidia Nvflare	Before 2.7.2

Running on/with	Platform Versions
Apple Macos	All versions
Linux Linux Kernel	All versions

Related CWEs

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-24178

Source: psirt@nvidia.com

US Government Resource

https://nvidia.custhelp.com/app/answers/detail/a_id/5819

Source: psirt@nvidia.com

Vendor Advisory

https://www.cve.org/CVERecord?id=CVE-2026-24178

Source: psirt@nvidia.com

Third Party Advisory

Timeline

No history available yet.