Authorization Bypass Vulnerability in NVIDIA NVFlare Dashboard
CVE-2026-24178

9.8CRITICAL

Key Information:

Vendor: Nvidia
Status: Flare Sdk
Vendor: CVE Published:; 28 April 2026

What is CVE-2026-24178?

The NVIDIA NVFlare Dashboard has a vulnerability in its user management and authentication system. This flaw allows unauthenticated attackers to potentially bypass authorization through a user-controlled key. Exploiting this vulnerability could lead to various serious impacts including privilege escalation, unauthorized access to sensitive data, data tampering, arbitrary code execution, and could also result in service disruptions. Organizations utilizing this software should ensure they are aware of this issue and take necessary measures to mitigate potential risks.

Affected Version(s)

FLARE SDK Linux/MacOS All versions prior to 2.7.2

References

https://nvd.nist.gov/vuln/detail/CVE-2026-24178

https://www.cve.org/CVERecord?id=CVE-2026-24178

https://nvidia.custhelp.com/app/answers/detail/a_id/5819

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 28, 2026
Vulnerability Reserved
Jan 21, 2026

CVE-2026-24178 Data

JSON

Nvidia

What is CVE-2026-24178?

Affected Version(s)

References

CVSS V3.1

Timeline