Description
NVIDIA Flare SDK contains a vulnerability where an Attacker may cause an Improper Input Validation by path traversing. A successful exploit of this vulnerability may lead to information disclosure.
Published: 2026-04-28
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

NVIDIA Flare SDK has an improper input validation flaw that allows an attacker to perform path traversal. This could enable the attacker to read files outside the intended directory, potentially leaking sensitive information. The weakness is categorized as CWE‑20, indicating untrusted data used in file path construction.

Affected Systems

Vendors affected include NVIDIA, specifically products using the Flare SDK. No specific version numbers are disclosed in the available data, so all installations of the Flare SDK should be evaluated for the presence of the flaw.

Risk and Exploitability

The CVSS v3.1 score of 6.5 indicates a moderate severity. EPSS data is unavailable, so the likelihood of exploitation cannot be quantified. The vulnerability is not listed in the CISA KEV catalog, suggesting no known widespread exploitation. The attacker could potentially exploit this flaw if an input channel to the SDK can be controlled, most likely through user‑supplied data or a network request. The impact is limited to information disclosure; no remote code execution or denial‑of‑service is indicated.

Generated by OpenCVE AI on April 28, 2026 at 23:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the NVIDIA support portal and advisories for an official patch or update addressing the path traversal vulnerability in the Flare SDK.
  • Implement or enforce strict input validation on any data passed to the SDK, ensuring file paths cannot include directory traversal sequences.
  • Restrict file system permissions so that the application process running the SDK can only read files within a designated safe directory.
  • Isolate the SDK’s execution in a sandboxed environment or container with minimal file system access until a patch is applied.

Generated by OpenCVE AI on April 28, 2026 at 23:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia
Nvidia flare Sdk
Vendors & Products Nvidia
Nvidia flare Sdk

Tue, 28 Apr 2026 23:30:00 +0000

Type Values Removed Values Added
Title Improper Input Validation in NVIDIA Flare SDK Leading to Path Traversal and Information Disclosure

Tue, 28 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Description NVIDIA Flare SDK contains a vulnerability where an Attacker may cause an Improper Input Validation by path traversing. A successful exploit of this vulnerability may lead to information disclosure.
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Nvidia Flare Sdk
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-04-28T17:46:15.175Z

Reserved: 2026-01-21T19:09:34.870Z

Link: CVE-2026-24204

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-28T19:36:45.397

Modified: 2026-04-28T20:10:42.070

Link: CVE-2026-24204

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T10:10:31Z

Weaknesses