PT-2026-28547 · Unknown · Federated Learning/Interoperability Platform
Published: 2026-03-27 · Updated: 2026-04-08 · CVE-2026-33879
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Federated Learning and Interoperability Platform (FLIP) versions prior to 0.1.1
Description
The Federated Learning and Interoperability Platform (FLIP) login page lacks rate limiting or CAPTCHA protection, which could allow brute-force and credential-stuffing attacks. FLIP users are external to the organization, increasing the risk of credential reuse. The platform is designed for federated training and evaluation of medical imaging AI models across healthcare institutions.
Recommendations
Apply a patch to address the missing rate limiting and CAPTCHA mechanisms.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Restriction of Excessive Authentication Attempts
Affected Products
Federated Learning/Interoperability Platform