Privacy-Preserving Analysis Vulnerability in Vantage6 by Vantage6
CVE-2026-54533

6.9MEDIUM

Key Information:

Vendor

Vantage6

Status
Vantage6
Vendor
CVE Published:
17 June 2026

What is CVE-2026-54533?

The Vantage6 platform, known for its open-source framework enabling privacy-preserving analysis, has a security vulnerability in versions prior to 5.0.0. Certain malicious algorithms can exploit this weakness to gain unauthorized access to input and output files from other algorithms running on the same node. The issue was rectified in version 5.0.0, highlighting the importance of updating to the latest version. Users are advised to restrict the algorithm containers that are deployed on their nodes as an immediate workaround to enhance security.

Affected Version(s)

vantage6 < 5.0.0

References

https://github.com/vantage6/vantage6/security/advisories/...
x_refsource_CONFIRM
https://github.com/vantage6/vantage6/issues/1932
x_refsource_MISC
https://docs.vantage6.ai/usage/running-the-node/security
x_refsource_MISC

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.