PT-2026-35753 · Unknown · Nvflare Dashboard

Published: 2026-04-28 · Updated: 2026-05-10 · CVE-2026-24178

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

NVFlare Dashboard versions prior to 2.5.0

Description

A flaw in the user management and authentication system allows an unauthenticated attacker to bypass authorization using a user-controlled key. This can result in privilege escalation to full administrator levels, arbitrary code execution, data tampering, information disclosure, and denial of service, granting total access to sensitive project data.

Recommendations

Update to version 2.5.0.

Fix

LPE

IDOR


Weakness Enumeration

Related Identifiers

CVE-2026-24178
GHSA-JQP3-QRGH-4846
PYSEC-2026-100

Affected Products

Nvflare Dashboard