CVE-2026-54533

Description

vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, malicious algorithms can potentially access other algorithms input and output files. Version 5.0.0 fixes the issue. As a workaround, verify and restrict the algorithm containers that are allowed to run on the node.

CVSS breakdown

CVSS 4.0

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

Confidentiality (Vulnerable System)

None

Integrity (Vulnerable System)

Low

Availability (Vulnerable System)

None

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

Affected products

vantage6 / vantage6< 5.0.0 – < 5.0.0

References

VENDOR_ADVISORYhttps://github.com/vantage6/vantage6/security/advisories/GHSA-x9f6-9rvm-mmrg
MISChttps://github.com/vantage6/vantage6/issues/1932
MISChttps://docs.vantage6.ai/usage/running-the-node/security
MISChttps://github.com/vantage6/vantage6/blob/main/docs/release_notes.rst#500