Deserialization Vulnerability in NVIDIA FLARE SDK
CVE-2026-24186

8.8HIGH

Key Information:

Vendor: Nvidia
Status: Flare Sdk
Vendor: CVE Published:; 28 April 2026

What is CVE-2026-24186?

NVIDIA FLARE SDK has a deserialization vulnerability in its FOBS component, which can be exploited by an attacker sending a malicious FOBS-encoded message. This flaw allows for the deserialization of untrusted data, potentially enabling unauthorized code execution within the system, posing significant security risks.

Affected Version(s)

FLARE SDK Linux/MacOS All versions prior to 2.7.2

References

https://nvd.nist.gov/vuln/detail/CVE-2026-24186

https://www.cve.org/CVERecord?id=CVE-2026-24186

https://nvidia.custhelp.com/app/answers/detail/a_id/5819

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 28, 2026
Vulnerability Reserved
Jan 21, 2026

CVE-2026-24186 Data

JSON

Nvidia

What is CVE-2026-24186?

Affected Version(s)

References

CVSS V3.1

Timeline