CVE-2026-24186EXPLOITED

nvidia · flare sdk

CVE-2026-24186: NVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker may cause deserialization of untrusted data by sen

Description

NVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker may cause deserialization of untrusted data by sending a malicious FOBS- encoded message. A successful exploit of this vulnerability might lead to code execution.

Affected Products

Vendor	Product	Versions
nvidia	flare sdk	All versions prior to 2.7.2

References

Related News (1 articles)

Tier C

VulDB7d ago

CVE-2026-24186 | NVIDIA FLARE SDK Encoded Message deserialization

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-502

PublishedApr 28, 2026

Last enriched7d agov2

Trending Score15

Source articles1

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-31739

crypto: tegra - Add missing CRYPTO_ALG_ASYNC

Trending: 31

CRITICALPRE-CVE

Rowhammer Attack Against NVIDIA Chips

Trending: 30

CRITICALCVE-2026-24178EXP

CVE-2026-24178: NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthentica

Trending: 20

HIGHCVE-2026-24222

CVE-2026-24222: NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker co

Trending: 14

MEDIUMCVE-2026-24204EXP

CVE-2026-24204: NVIDIA Flare SDK contains a vulnerability where an Attacker may cause an Improper Input Validation by path traversing. A

Trending: 12

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 28, 2026

Discovered by ZDM

Apr 28, 2026

Updated: severity, activelyExploited

Apr 28, 2026

Actively Exploited

Apr 29, 2026

Version History

Last enriched 7d ago

v2Tier C7d ago

Updated severity to CRITICAL and marked the vulnerability as actively exploited.

severityactivelyExploited

via VulDB

v17d ago

Initial creation