CVE-2026-54445

vantage6 is an open-source infrastructure for privacy preserving analysis. Versions prior to 5.0.0 provide an initial user with username root and password root. This is not ideal because attackers know that almost all vantage6 servers have a user with username root that probably has admin rights,...

CVE-2026-54533

vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, malicious algorithms can potentially access other algorithms input and output files. Version 5.0.0 fixes the issue. As a workaround, verify and restrict the algorithm containers that are allowed to...

CVE-2024-24769

vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, users can reset their MFA token via API routes that send them an email. Currently the number of emails that is sent is not limited. This gives attackers the option to flood someones mailbox with a l...

CVE-2024-27928

vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, if an attacker hacks into a vantage6 user's email account, they can 1 reset the password via email and then 2 reset the 2FA token via email. This way they reduce 2FA to 1FA email access. Note that...

CVE-2026-54533

vantage6 node (open-source infrastructure for privacy-preserving analysis) contains an Improper Access Control vulnerability prior to version 5.0.0 that could allow malicious algorithms to access other algorithms’ input and output files. Version 5.0.0 fixes the issue. As a workaround, verify and ...

CVE-2026-54533 vantage6 node has an Improper Access Control issue

vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, malicious algorithms can potentially access other algorithms input and output files. Version 5.0.0 fixes the issue. As a workaround, verify and restrict the algorithm containers that are allowed to...

CVE-2026-54445

Vantage6 prior to 5.0.0 creates an initial admin user with username root and password root , enabling easy elevated access. The issue is addressed in version 5.0.0 . A workaround is to delete the initial root user after it has been used to create other users. Affected component: initial user prov...

CVE-2024-27928

CVE-2024-27928 (Vantage6) describes a vulnerability in Vantage6 prior to 5.0.0 where an attacker with access to a user’s email can first reset the account password, then reset the 2FA token via email, effectively reducing 2FA to 1FA. This is tied to emails being used as a recovery vector and reli...

CVE-2024-27928 Vantage6: 2FA can be circumvented with hacked email access

vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, if an attacker hacks into a vantage6 user's email account, they can 1 reset the password via email and then 2 reset the 2FA token via email. This way they reduce 2FA to 1FA email access. Note that...

CVE-2024-24769

Vantage6 exposes a MFA reset flow via API that can email users without a limit to the number of emails sent (pre-5.0.0). Root cause: lack of rate limiting on MFA reset email dispatch. Impact is described as very low since MFA reset requires a valid password, but abuse can overwhelm a mailbox and ...

CVE-2024-24769 Vantage6: No limit on emails sent for password/MFA reset

vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, users can reset their MFA token via API routes that send them an email. Currently the number of emails that is sent is not limited. This gives attackers the option to flood someones mailbox with a l...

vantage6 node has an Improper Access Control issue

Impact Malicious algorithms can potentially access other algorithms input and output files. Patches Todo Workarounds Verify and restrict the algorithm containers that are allowed to run on your node. See here on how to do this. References https://docs.vantage6.ai/usage/running-the-node/security F...

vantage6-node (>=0.0.0 <=3.11.1), vantage6-server (>=0.0.0 <=3.11.1) potentially affected by unknown CVE via vantage6 (>=0.0.0 <=3.3.3)

vantage6 PYPI version =0.0.0, =0.0.0, =0.0.0, =3.11.1 Source cves: unknown CVE Source advisory: OSV:GHSA-X9F6-9RVM-MMRG...

GHSA-X9F6-9RVM-MMRG vantage6 node has an Improper Access Control issue

Impact Malicious algorithms can potentially access other algorithms input and output files. Patches Todo Workarounds Verify and restrict the algorithm containers that are allowed to run on your node. See here on how to do this. References https://docs.vantage6.ai/usage/running-the-node/security F...

vantage6-algorithm-store (>=4.3.0 <=4.15.1rc1), vantage6-node (>=0.0.0 <=4.15.1rc1) +1 more potentially affected by unknown CVE via vantage6 (>=0.0.0 <=4.9.1)

vantage6 PYPI version =0.0.0, =4.3.0, =0.0.0, =0.0.0, =4.15.1rc1 Source cves: unknown CVE Source advisory: OSV:GHSA-FGMC-2HQJ-86V4...

vantage6-algorithm-store (>=4.3.0 <=4.15.1rc1), vantage6-node (>=0.0.0 <=4.15.1rc1) +1 more potentially affected by CVE-2024-27928 via vantage6 (>=0.0.0 <=4.9.1)

vantage6 PYPI version =0.0.0, =4.3.0, =0.0.0, =0.0.0, =4.15.1rc1 Source cves: CVE-2024-27928 Source advisory: OSV:GHSA-4C5C-2VC3-X5W2...

GHSA-5549-C5Q7-FJ65 Vantage6: No limit on emails sent for password/MFA reset

Impact Users can reset their MFA token via API routes that send them an email. Currently the number of emails that is sent is not limited. This gives attackers the option to flood someones mailbox with a lot of emails, and would have adverse effects on the SMTP server which may be seen as spam...

PT-2026-50569

Name of the Vulnerable Software and Affected Versions vantage6 versions prior to 5.0.0 Description An open-source infrastructure for privacy preserving analysis provides an initial user with the username root and password root. This configuration is insecure as attackers are aware that most serve...

EUVD-2023-0256

Malicious code in bioql PyPI...

EUVD-2024-19784

Malicious code in bioql PyPI...