NVIDIA FLARE SDK FOBS Deserialization Vulnerability Leading to Code Execution

Vulnerability

A vulnerability exists in the NVIDIA FLARE SDK prior to version 2.7.2, specifically within the FOBS component. This vulnerability allows an attacker to cause deserialization of untrusted data by sending a malicious FOBS-encoded message. Exploiting this vulnerability could result in unauthorized code execution.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution on the affected system.

Remediation

Users are advised to update to NVIDIA FLARE SDK version 2.7.2 or later. The updated version can be downloaded from the NVIDIA/NVFlare repository on GitHub.
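A check for the remediation above, added here as an example and not taken from the advisory or from NVIDIA's code: it flags exact nvflare pins in pip freeze style lines, and the locally installed package, when the version sorts before 2.7.2. The distribution name nvflare is an assumption and the sample lines are constructed.

```python
import re
from importlib import metadata

PACKAGE = "nvflare"   # assumption: PyPI distribution name of the NVIDIA FLARE SDK
FIXED = (2, 7, 2)     # first fixed release according to the advisory

_VERSION = re.compile(r"v?(\d+(?:\.\d+)*)(.*)")
_PRE = re.compile(r"[._-]?(?:alpha|beta|preview|pre|rc|dev|a|b|c)(?![a-z])")
_PIN = re.compile(r"\s*nvflare(?:\[[^\]]*\])?\s*==(?!=)\s*([^\s;#,]+)", re.I)

def is_affected(version):
    """True if `version` sorts before 2.7.2 (pre-releases of 2.7.2 included)."""
    m = _VERSION.fullmatch(version.strip().lower())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (len(FIXED) - len(release))       # "2.7" -> (2, 7, 0)
    while len(release) > len(FIXED) and release[-1] == 0:
        release = release[:-1]                          # "2.7.2.0" -> (2, 7, 2)
    if release != FIXED:
        return release < FIXED
    suffix = m.group(2).split("+", 1)[0]                # drop local version label
    return bool(_PRE.match(suffix))                     # rc/dev builds precede 2.7.2

def audit_pins(lines):
    """Return (line_number, version) for each exact nvflare pin that is affected."""
    findings = []
    for number, line in enumerate(lines, start=1):
        m = _PIN.match(line)                            # only "==" pins are handled
        if m and is_affected(m.group(1)):
            findings.append((number, m.group(1)))
    return findings

def installed_status():
    """Return (version, affected) for this environment, or (None, False)."""
    try:
        version = metadata.version(PACKAGE)
    except metadata.PackageNotFoundError:
        return None, False
    return version, is_affected(version)

# Constructed sample of `pip freeze` output, not taken from a real system.
SAMPLE_FREEZE = ["numpy==1.26.4", "nvflare==2.7.1",
                 "NVFlare==2.7.2rc1  # staging", "nvflare==2.7.2"]

if __name__ == "__main__":
    print("installed:", installed_status())
    print("affected pins:", audit_pins(SAMPLE_FREEZE))
```

Range specifiers such as >= are not evaluated; run it over resolved output (pip freeze or a lock file) so every entry is an exact pin.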

Added: Apr 28, 2026, 7:47 PM
Updated: Apr 28, 2026, 7:47 PM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 7.5
exploitability: 5.7
remediation: 7.7
relevance: 6.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.