CVE-2026-24178 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: April 28, 2026
NVIDIA NVFlare Dashboard - Authorization Bypass
Published: April 28, 2026Updated: April 28, 2026Remote Exploitable
Overview
NVIDIA NVFlare Dashboard contains an authorization bypass caused by user-controlled key in the user management and authentication system, letting unauthenticated attackers escalate privileges, tamper data, disclose information, execute code, and cause denial of service, exploit requires no authentication.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Unauthenticated attackers can bypass authorization to escalate privileges, modify data, disclose information, execute code, and cause denial of service.
Mitigation
Update to the latest version with the vulnerability fixed.
References
Related Resources
Details
- CVE ID
- CVE-2026-24178
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- broken_access_control
- Status
- unconfirmed
CWE
- CWE-639
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H