6 matches found
CVE-2022-31605
NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module where YAML files are loaded with yaml.load() instead of yaml.safe_load(). This deserialization of untrusted data may allow an unauthenticated network attacker to cause Remote Code Execution, Denial of Service, and impa...
CVE-2022-31604
CVE-2022-31604 affects NVFLARE prior to 2.1.2. The PKI module deserializes CA credentials via pickle, enabling deserialization of untrusted data and potentially enabling Remote Code Execution, Denial of Service, and impact to Confidentiality/Integrity/Availability. Exploitation details are not pr...
CVE-2022-34668
NVFLARE before version 2.1.4 is affected by a deserialization vulnerability due to untrusted data via Python Pickle, enabling Remote Code Execution and Denial of Service with high impact to confidentiality and integrity. All versions prior to 2.1.4 are affected. Public writeups describe an attack...
CVE-2026-24178
NVIDIA NVFlare Dashboard (security bulletin for NVIDIA FLARE SDK) lists CVE-2026-24178 as a critical vulnerability in the user management and authentication system. An unauthenticated attacker may bypass authorization via a user-controlled key, with potential impacts including privilege escalatio...
CVE-2026-24186
CVE-2026-24186 affects NVIDIA FLARE SDK, specifically the FOBS component. The vulnerability allows deserialization of untrusted data via a malicious FOBS-encoded message, which could lead to code execution. Affected product: NVIDIA FLARE SDK; affected version range includes all pre-2.7.2 builds. ...
CVE-2026-24204
The CVE-2026-24204 entry concerns NVIDIA FLARE SDK, where the flaw is an improper input validation via path traversal in the SDK. This could allow an attacker to disclose information with network access and low privileges, as described in the NVIDIA bulletin. Affected product: NVIDIA FLARE SDK; v...