CVE-2026-33879

EPSS 0.06%
Veröffentlicht 27.03.2026 20:31:50
Zuletzt bearbeitet 08.04.2026 14:49:00
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and credential-stuffing attacks. FLIP users are external to the organization, increasing credential reuse risk. As of time of publication, it is unclear if a patch is available.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Aicentre ≫ Federated Learning And Interoperability Platform Version < 0.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.191

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	2.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

https://github.com/londonaicentre/FLIP/security/advisories/GHSA-p34f-488j-5cwv

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2026-33879

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-33879

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-33879

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-33879