VDB
KO
HIGH 7.5

PYSEC-2026-695

Allocation of Resources Without Limits or Throttling in nvflare

Details

### Impact NVIDIA FLARE contains a vulnerability in Admin Interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system unavailable

All versions before 2.0.16 are affected.

### Patches The patch will be included in nvflare==2.0.16.

### Workarounds The changes in commits https://github.com/NVIDIA/NVFlare/commit/93588b3a0dff9bd4568983071b74d8b420de3a6e and https://github.com/NVIDIA/NVFlare/commit/93588b3a0dff9bd4568983071b74d8b420de3a6e can be applied to any version of the NVIDIA FLARE without any adverse effect.

### Additional information Issue Found on: 2022.3.3 Issue Found by: Oliver Sellwood (@Nintorac)

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / nvflare
Introduced in: 0 Fixed in: 2.0.16
Fix pip install --upgrade 'nvflare>=2.0.16'

References