CVE-2026-33879

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-33879
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33879.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-33879
Aliases
  • GHSA-p34f-488j-5cwv
Published
2026-03-27T20:31:50.559Z
Modified
2026-04-02T13:41:35.292538Z
Severity
  • 2.7 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator
Summary
FLIP doesn't have rate limiting or brute-force protection on login
Details

Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and credential-stuffing attacks. FLIP users are external to the organization, increasing credential reuse risk. As of time of publication, it is unclear if a patch is available.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33879.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-307"
    ]
}
References

Affected packages

Git / github.com/londonaicentre/flip

Affected ranges

Type
GIT
Repo
https://github.com/londonaicentre/flip
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e5ddd6e0bbeea1c5ef3321b8f59e1e2bb52c7fb8
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.1.1"
        }
    ]
}

Affected versions

v0.*
v0.1.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33879.json"