CRITICAL SeverityCVSS 3.19.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2026-24178

Last updated Apr 28, 2026 · Published Apr 28, 2026

Description

NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information disclosure, code execution, and denial of service.

Affected products

1 listed

NVIDIA:FLARE SDK

Mappings

CWE

CWE-639

CAPEC

None listed.

Research

Insecure direct object references (IDOR): detection and preventionInsecure direct object references let users access other users' data by changing an ID. Enforce object-level…

Guides

Rate Limiting in Node.jsPatterns for APIs, login endpoints, and abuse control.

Training

Authorisation and Access ControlRBAC, ABAC, and privilege escalation patterns in real applications.
API Design That Defends ItselfREST, GraphQL, and gRPC patterns that reduce your attack surface by design.