NVIDIA has released an urgent security update for its NVIDIA FLARE SDK, addressing three vulnerabilities, including a critical 9.8 CVSS-rated authentication bypass affecting all versions before 2.7.2 on Linux and macOS.
Security teams and AI researchers relying on NVIDIA FLARE for federated learning deployments must act immediately. The April 28, 2026, security bulletin details three CVEs ranging from medium to critical severity, with attack vectors that require no user interaction and can be exploited entirely over the network.
NVIDIA FLARE (Federated Learning Application Runtime Environment) is a domain-agnostic, open-source, extensible Python SDK developed by NVIDIA to enable researchers, data scientists, and engineers to adapt existing machine learning and deep learning workloads to a federated paradigm.
The framework supports privacy-preserving, distributed multi-party AI collaboration and has found wide application in healthcare, financial services, and enterprise AI sectors where centralizing sensitive datasets is impractical or legally prohibited.
With federated learning adoption rapidly accelerating across regulated industries, a compromise of the FLARE SDK infrastructure could expose sensitive model training pipelines, gradient data, and collaborative research environments.
NVIDIA’s bulletin documents three distinct vulnerabilities patched in v2.7.2. The following table summarizes each CVE, its severity, and its potential impact:
| CVE ID | CVSS Score | Severity | Component | Impact |
|---|---|---|---|---|
| CVE-2026-24178 | 9.8 | Critical | NVFlare Dashboard | Privilege escalation, data tampering, code execution, DoS |
| CVE-2026-24186 | 8.8 | High | FOBS | Remote code execution |
| CVE-2026-24204 | 6.5 | Medium | SDK Input Validation | Information disclosure |
CVE-2026-24178: Critical Authentication Bypass
The most severe vulnerability, CVE-2026-24178, resides in the NVFlare Dashboard’s user management and authentication system. Classified under CWE-639 (Authorization Bypass Through User-Controlled Key), the flaw allows an unauthenticated remote attacker to bypass authorization by manipulating a user-controlled key.
The CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H confirms this is a network-exploitable, zero-click vulnerability requiring no privileges whatsoever, the most dangerous attack profile possible.
A successful exploit of CVE-2026-24178 can result in devastating consequences: privilege escalation, data tampering, sensitive information disclosure, remote code execution, and denial-of-service attacks.
In federated learning environments, this means an unauthenticated threat actor could seize administrative control of the FLARE Dashboard, manipulate model training jobs, exfiltrate gradient and dataset metadata, or completely disrupt an ongoing federated experiment.
CVE-2026-24186: FOBS Deserialization Code Execution
The second vulnerability, CVE-2026-24186, is a deserialization of untrusted data flaw (CWE-502) located within FOBS, the FLARE Object Serialization component used for inter-component communication.
An authenticated attacker with low privileges can exploit this flaw by sending a specially crafted, malicious FOBS-encoded message to trigger arbitrary code execution on the target server.
The CVSS vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H confirms remote network exploitation with low complexity and no user interaction required. Deserialization vulnerabilities are consistently ranked among the most exploited vulnerability classes in enterprise software.
In the context of federated learning, where FLARE nodes routinely exchange serialized model updates and job configurations, a malicious insider or a compromised federated client could weaponize CVE-2026-24186 to achieve full server-side code execution.
CVE-2026-24204: Path Traversal Information Disclosure
The third flaw, CVE-2026-24204, is classified as CWE-20 (Improper Input Validation) and involves a path-traversal attack vector. A low-privileged attacker can supply a maliciously crafted file path to cause the SDK to read and expose files outside its intended scope, thereby disclosing sensitive information.
While rated medium severity, path traversal vulnerabilities in AI infrastructure can expose model configuration files, cryptographic keys, client certificates, or proprietary training scripts.
Remediation
NVIDIA confirms that all versions of the NVIDIA FLARE SDK before 2.7.2 running on Linux and macOS are affected by all three CVEs. The only official remediation is to upgrade to NVIDIA FLARE SDK v2.7.2 or later immediately.
Steps to remediate:
- Clone or update the repository directly from the official NVIDIA/NVFlare GitHub repository
- Run `pip install nvflare==2.7.2` or update via your existing package management pipeline
- Validate the dashboard service, FOBS communication endpoints, and file handling modules post-upgrade
- Review the FLARE Dashboard access logs for any unauthorized authentication attempts that may indicate prior exploitation.
Organizations operating air-gapped or on-premises federated learning deployments should treat this as a critical priority patch given the zero-prerequisite attack surface of CVE-2026-24178.
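One way to find deployments that still need the upgrade described above (an added example, not NVIDIA's tooling): it classifies `nvflare` entries in requirements files against the 2.7.2 fix and checks whether a host falls in the bulletin's Linux/macOS scope. The version ordering is a simplified stand-in for PEP 440, and the sample requirement lines, including the `nvflare-extras` name, are constructed.

```python
import re

FIXED = (2, 7, 2)  # first patched release named in the bulletin
AFFECTED_PLATFORMS = ("linux", "darwin")  # bulletin scope: Linux and macOS
PIN_RE = re.compile(  # "nvflare", optional extras, optional operator + version
    r"^\s*nvflare(?![\w.-])(?:\[[^\]]*\])?\s*"
    r"(?:(===|==|~=|>=|<=|!=|<|>)\s*([^\s;#,]+))?", re.I)
VER_RE = re.compile(r"^v?(\d+(?:\.\d+)*)((?:a|b|rc|\.?dev)\d*)?", re.I)


def is_vulnerable_version(version):
    """True if version sorts before 2.7.2 (simplified PEP 440 ordering)."""
    m = VER_RE.match(version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (3 - len(release))  # "2.7" -> (2, 7, 0)
    # 2.7.2rc1 / 2.7.2.dev0 precede the final 2.7.2 release
    return release < FIXED or (release == FIXED and m.group(2) is not None)


def audit_requirements(lines):
    """Return (line_no, requirement, status) for every nvflare entry."""
    findings = []
    for no, raw in enumerate(lines, 1):
        m = PIN_RE.match(raw)
        if not m:
            continue
        op, ver = m.groups()
        if op in ("==", "===") and "*" not in ver:
            status = "vulnerable" if is_vulnerable_version(ver) else "patched"
        elif op in (">=", ">") and not is_vulnerable_version(ver):
            status = "patched"  # lower bound excludes every affected release
        else:
            status = "review"  # range or unpinned: resolver may pick an affected build
        findings.append((no, raw.strip(), status))
    return findings


def host_affected(installed_version, platform):
    """Affected host: release before 2.7.2 running on Linux or macOS."""
    return platform.startswith(AFFECTED_PLATFORMS) and is_vulnerable_version(installed_version)


SAMPLE = [  # constructed requirements lines, not from a real project
    "torch==2.3.0", "nvflare==2.6.1", "nvflare[dev]==2.7.2rc1  # staging",
    "NVFlare >= 2.7.2", "nvflare~=2.5", "nvflare-extras==1.0", "nvflare==2.7.2",
]
for finding in audit_requirements(SAMPLE):
    print(finding)
```

On a live host, pass `importlib.metadata.version("nvflare")` and `sys.platform` to `host_affected`.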
FAQ
Q1. What versions of NVIDIA FLARE SDK are vulnerable?
All versions of NVIDIA FLARE SDK before v2.7.2 on Linux and macOS are affected by CVE-2026-24178, CVE-2026-24186, and CVE-2026-24204.
Q2. Can CVE-2026-24178 be exploited without any credentials?
Yes, CVE-2026-24178 requires zero authentication, making it exploitable by any unauthenticated remote attacker with network access to the NVFlare Dashboard.
Q3. How do I update NVIDIA FLARE SDK to the patched version?
Clone or update directly from the NVIDIA/NVFlare GitHub repository or run `pip install nvflare==2.7.2` to upgrade to the secure version.
Q4. Is there a workaround if immediate patching is not possible?
NVIDIA recommends no interim workaround; upgrading to v2.7.2 is the only official mitigation for all three vulnerabilities.
Site: thecybrdef.com