What is the CVSS score of CVE-2026-24178?

CVE-2026-24178 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of NVIDIA NVFlare Dashboard are affected by CVE-2026-24178?

NVIDIA NVFlare Dashboard contains a critical authentication bypass vulnerability (CVSS 9.8) enabling unauthenticated remote attackers to escalate privileges and achieve arbitrary code execution.. A patch is available.

NVIDIA NVFlare Dashboard CVE-2026-24178

EUVD-2026-26075 CRITICAL

Authorization Bypass Through User-Controlled Key (CWE-639)

2026-04-28 nvidia

Authentication Bypass Privilege Escalation RCE Denial Of Service Information Disclosure Nvidia

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 28, 2026 - 20:23 vuln.today

cvss_changed

Analysis Generated

Apr 28, 2026 - 20:01 vuln.today

EUVD ID Assigned

Apr 28, 2026 - 19:30 euvd

EUVD-2026-26075

Analysis Generated

Apr 28, 2026 - 19:30 vuln.today

CVE Published

Apr 28, 2026 - 17:44 nvd

CRITICAL 9.8

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

6 pypi packages depend on nvflare (6 direct, 0 indirect)

Ecosystem-wide dependent count for version 2.7.2.

DescriptionNVD

NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information disclosure, code execution, and denial of service.

AnalysisAI

Authentication bypass in NVIDIA NVFlare Dashboard allows remote unauthenticated attackers to escalate privileges through user-controlled key manipulation in the authentication system. The vulnerability affects the NVIDIA Flare SDK and enables complete system compromise including arbitrary code execution, data tampering, information disclosure, and denial of service. …

RemediationAI

Within 24 hours: Identify all systems running NVIDIA NVFlare SDK and isolate affected Dashboard instances from production networks or disable remote access. Within 7 days: Monitor NVIDIA security advisories for patch availability; contact NVIDIA support for interim guidance on version-specific mitigations. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory