vantage6
CVE-2026-54533
MEDIUM
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable via algorithm submission with no authentication (per PR:N tag and 'Authentication Bypass'); high confidentiality impact because private analysis data of co-resident algorithms is exposed.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2Blast Radius
ecosystem impact- 3 pypi packages depend on vantage6 (3 direct, 0 indirect)
Ecosystem-wide dependent count for version 5.0.0.
DescriptionCVE.org
vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, malicious algorithms can potentially access other algorithms input and output files. Version 5.0.0 fixes the issue. As a workaround, verify and restrict the algorithm containers that are allowed to run on the node.
AnalysisAI
Improper access control in vantage6 nodes prior to version 5.0.0 allows malicious algorithm containers to read input and output files belonging to other algorithms running on the same node. This directly undermines the core privacy guarantee of the platform - a federated learning infrastructure explicitly designed for privacy-preserving analysis - by exposing sensitive intermediate data to adversarially crafted algorithms. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The target must be running a vantage6 node prior to version 5.0.0 with no algorithm container allowlist enforced (the default configuration). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The provided CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) indicates low-complexity, network-reachable exploitation with no authentication requirement, which aligns with the 'Authentication Bypass' tag - suggesting the algorithm submission pathway can be abused without proper authorization. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with the ability to submit an algorithm task to a vantage6 node crafts a malicious algorithm container that, upon execution, enumerates and reads the working directories of co-resident algorithm containers on the same node filesystem. The attacker's container exfiltrates those files - which may contain partitioned sensitive datasets or intermediate model outputs - back to an attacker-controlled endpoint. … |
| Remediation | Vendor-released patch: vantage6 5.0.0. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Critical authentication bypass vulnerability in vantage6 (an open-source federated learning and privacy-enhancing techno
vantage6 servers auto-generate JWT secret keys using UUID1, a predictable algorithm that lacks cryptographic strength, a
Default hardcoded admin credentials in vantage6 expose servers running versions prior to 5.0.0 to unauthorized administr
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today