Critical severity9.8NVD Advisory· Published Mar 27, 2026· Updated Apr 8, 2026
CVE-2026-33879
CVE-2026-33879
Description
Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and credential-stuffing attacks. FLIP users are external to the organization, increasing credential reuse risk. As of time of publication, it is unclear if a patch is available.
Affected products
1- cpe:2.3:a:aicentre:federated_learning_and_interoperability_platform:*:*:*:*:*:*:*:*Range: <0.1.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/londonaicentre/FLIP/security/advisories/GHSA-p34f-488j-5cwvnvdMitigationVendor Advisory
News mentions
0No linked articles in our index yet.