CVE-2026-24204
Received Received - Intake
Path Traversal in NVIDIA Flare SDK Leads to Data Disclosure

Publication date: 2026-04-28

Last updated on: 2026-05-04

Assigner: NVIDIA Corporation

Description
NVIDIA Flare SDK contains a vulnerability where an Attacker may cause an Improper Input Validation by path traversing. A successful exploit of this vulnerability may lead to information disclosure.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-28
Last Modified
2026-05-04
Generated
2026-06-16
AI Q&A
2026-04-29
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24204
EUVD
EUVD-2026-26077
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nvidia nvflare to 2.7.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

There is no specific information provided in the available resources about detection methods or commands to identify the presence or exploitation of CVE-2026-24204 on a network or system.

Executive Summary

CVE-2026-24204 is a medium severity vulnerability in the NVIDIA FLARE SDK caused by improper input validation through path traversal.

An attacker with low privileges can exploit this vulnerability remotely without any user interaction and with low attack complexity.

Successful exploitation may lead to information disclosure but does not affect the integrity or availability of the system.

This vulnerability affects all versions of the NVIDIA FLARE SDK prior to version 2.7.2 on Linux and MacOS platforms.

NVIDIA has released version 2.7.2 to address this issue.

Impact Analysis

This vulnerability can lead to information disclosure, meaning an attacker could gain unauthorized access to sensitive information.

However, it does not impact the integrity or availability of the affected system.

Because the attack can be performed remotely with low privileges and no user interaction, it poses a significant risk if the affected software is in use.

Mitigation Strategies

To mitigate the CVE-2026-24204 vulnerability in the NVIDIA FLARE SDK, users should update the SDK to version 2.7.2 or later.

This update addresses the improper input validation issue caused by path traversal that could lead to information disclosure.

Compliance Impact

The vulnerability in NVIDIA Flare SDK involves improper input validation leading to potential information disclosure. Such information disclosure risks can impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive data against unauthorized access.

Since the vulnerability allows an attacker to disclose information without impacting integrity or availability, organizations using affected versions of the SDK may face increased risk of non-compliance if sensitive or personal data is exposed.

Mitigating this vulnerability by updating to version 2.7.2 or later is essential to maintain compliance with these standards, as failure to protect confidential information could lead to regulatory penalties.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24204. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart