PYSEC-2026-100

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/nvflare/PYSEC-2026-100.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-100
Aliases
Published
2026-04-28T19:36:45.127Z
Modified
2026-06-10T17:02:26.310432093Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information disclosure, code execution, and denial of service.

References

Affected packages

PyPI / nvflare

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.2

Affected versions

0.*
0.1.3
0.9.0
1.*
1.0.0
1.0.1
1.0.2
1.1.0
1.1.1
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.18
2.0.19
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.2.0rc1
2.2.0
2.2.1rc1
2.2.1rc4
2.2.1rc5
2.2.1rc6
2.2.1rc7
2.2.1rc8
2.2.1rc9
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.3.0rc1
2.3.0rc2
2.3.0rc3
2.3.0rc4
2.3.0rc5
2.3.0rc6
2.3.0rc7
2.3.0rc8
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.3.10
2.3.11
2.3.12
2.4.0rc1
2.4.0rc2
2.4.0rc3
2.4.0rc4
2.4.0rc5
2.4.0rc6
2.4.0rc7
2.4.0rc8
2.4.0rc9
2.4.0
2.4.1rc1
2.4.1rc2
2.4.1rc3
2.4.1rc4
2.4.1rc5
2.4.1rc6
2.4.1rc7
2.4.1rc8
2.4.1
2.4.2rc3
2.4.2
2.5.0rc1
2.5.0rc2
2.5.0rc3
2.5.0rc4
2.5.0rc5
2.5.0rc6
2.5.0rc7
2.5.0rc8
2.5.0rc9
2.5.0rc10
2.5.0rc11
2.5.0rc12
2.5.0
2.5.1rc1
2.5.1rc2
2.5.1
2.5.2
2.6.0rc1
2.6.0rc2
2.6.0rc3
2.6.0rc4
2.6.0rc5
2.6.0
2.6.1
2.6.2
2.6.3
2.7.0rc1
2.7.0rc2
2.7.0rc3
2.7.0rc4
2.7.0rc5
2.7.0rc6
2.7.0rc7
2.7.0rc8
2.7.0rc9
2.7.0rc10
2.7.0
2.7.1rc1
2.7.1rc2
2.7.1
2.7.2rc1
2.7.2rc2
2.7.2rc3
2.7.2rc4
2.7.2rc5
2.7.2rc6
2.7.2rc7
2.7.2rc8
2.7.2rc9
2.7.2rc10
2.7.2rc11
2.7.2rc12
2.7.2rc13
2.7.2rc14
2.7.2rc15
2.7.2rc16
2.7.2rc17
2.7.2rc18
2.7.2rc19
2.7.2rc20

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/nvflare/PYSEC-2026-100.yaml"