NVIDIA NVFlare Dashboard Authorization Bypass Vulnerability Allowing Privilege Escalation and Code Execution

Vulnerability

A vulnerability has been identified in the user management and authentication system of the NVIDIA NVFlare Dashboard. This issue allows an unauthenticated attacker to bypass authorization using user-controlled keys. Exploitation of this vulnerability could lead to privilege escalation, data tampering, unauthorized information disclosure, remote code execution, and denial-of-service conditions.

Impact

Successful exploitation allows for authorization bypass, leading to privilege escalation, data tampering, information disclosure, code execution, and denial-of-service.

Remediation

Users are advised to update to NVIDIA NVFlare SDK version 2.7.2 or later. The updated version can be downloaded from the NVIDIA NVFlare GitHub repository.

Added: Apr 28, 2026, 7:47 PM
Updated: Apr 28, 2026, 7:47 PM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 5.0
exploitability: 7.0
remediation: 7.7
relevance: 6.9
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.