CVE-2026-24204
Received - Intake
Path Traversal in NVIDIA Flare SDK Leads to Data Disclosure

Publication date: 2026-04-28

Last updated on: 2026-05-04

Assigner: NVIDIA Corporation

Description
NVIDIA Flare SDK contains a vulnerability where an attacker may cause improper input validation by path traversal. A successful exploit of this vulnerability may lead to information disclosure.
Meta Information
Published: 2026-04-28
Last Modified: 2026-05-04
Generated: 2026-05-07
AI Q&A: 2026-04-29
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: nvidia
Product: nvflare
Version / Range: to 2.7.2 (exc)
CWE ID: CWE-20
Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?

There is no specific information provided in the available resources about detection methods or commands to identify the presence or exploitation of CVE-2026-24204 on a network or system.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability in NVIDIA Flare SDK involves improper input validation leading to potential information disclosure. Such information disclosure risks can impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive data against unauthorized access.

Since the vulnerability allows an attacker to disclose information without impacting integrity or availability, organizations using affected versions of the SDK may face increased risk of non-compliance if sensitive or personal data is exposed.

Mitigating this vulnerability by updating to version 2.7.2 or later is essential to maintain compliance with these standards, as failure to protect confidential information could lead to regulatory penalties.


Can you explain this vulnerability to me?

CVE-2026-24204 is a medium-severity vulnerability in the NVIDIA FLARE SDK caused by improper input validation through path traversal.

An attacker with low privileges can exploit this vulnerability remotely without any user interaction and with low attack complexity.

Successful exploitation may lead to information disclosure but does not affect the integrity or availability of the system.

This vulnerability affects all versions of the NVIDIA FLARE SDK prior to version 2.7.2 on Linux and macOS platforms.

NVIDIA has released version 2.7.2 to address this issue.


How can this vulnerability impact me?

This vulnerability can lead to information disclosure, meaning an attacker could gain unauthorized access to sensitive information.

However, it does not impact the integrity or availability of the affected system.

Because the attack can be performed remotely with low privileges and no user interaction, it poses a significant risk if the affected software is in use.


What immediate steps should I take to mitigate this vulnerability?

To mitigate the CVE-2026-24204 vulnerability in the NVIDIA FLARE SDK, users should update the SDK to version 2.7.2 or later.

This update addresses the improper input validation issue caused by path traversal that could lead to information disclosure.

