FLIP Platform Login Vulnerable to Brute-Force Attacks
CVE Notify is flagging a critical vulnerability in the Federated Learning and Interoperability Platform (FLIP). This open-source platform, used for training and evaluating AI models on medical imaging data across healthcare institutions, has a glaring security hole in its login page for versions 0.1.1 and earlier. The issue stems from a lack of rate limiting and CAPTCHA protection, making it an open invitation for brute-force and credential-stuffing attacks.
The risk is amplified because FLIP users are typically external to the organizations deploying the platform. This often leads to users reusing credentials across multiple services, a practice that significantly increases the likelihood of successful credential stuffing. If an attacker gets hold of even a few leaked credentials, they could potentially gain unauthorized access to sensitive medical imaging AI models and data hosted on FLIP.
As of this report, CVE Notify indicates it's uncertain whether a patch has been released to address this vulnerability. Organizations using FLIP should urgently investigate their version and assess their exposure.
What This Means For You
- Security teams must immediately verify the FLIP platform version in use and, if running 0.1.1 or prior, implement strict access controls and monitor for suspicious login attempts, even if a patch is not yet confirmed, to mitigate the risk of credential stuffing.
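As an added example (not FLIP's own code and not from CVE Notify), the following Python shows both halves of the mitigation the item above points to: a sliding-window limiter on failed logins, keyed by client IP and by target account, and a detector that scans auth-log lines for the two patterns the advisory names, credential stuffing (one source failing against many distinct accounts) and brute force (many failures against one account). The log line format, the thresholds, and the IP addresses and usernames in the sample log are all constructed assumptions, not FLIP settings or real data.

```python
"""Added example: login rate limiting plus brute-force / credential-stuffing
detection over auth-log lines. Not FLIP code; log format and thresholds are assumed."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class LoginRateLimiter:
    """Sliding-window limiter on FAILED logins, keyed by client IP and by username.
    Threshold values are illustrative assumptions."""
    max_per_ip: int = 20        # failed attempts allowed per source IP per window
    max_per_user: int = 5       # failed attempts allowed per account per window
    window_s: float = 300.0     # window length in seconds
    _ip_fail: dict = field(default_factory=lambda: defaultdict(deque))
    _user_fail: dict = field(default_factory=lambda: defaultdict(deque))

    def _prune(self, dq: deque, now: float) -> None:
        # Drop timestamps that have aged out of the window.
        while dq and now - dq[0] > self.window_s:
            dq.popleft()

    def allowed(self, ip: str, user: str, now: float) -> bool:
        """Call before checking the password; deny if either bucket is full."""
        ip_q, user_q = self._ip_fail[ip], self._user_fail[user]
        self._prune(ip_q, now)
        self._prune(user_q, now)
        return len(ip_q) < self.max_per_ip and len(user_q) < self.max_per_user

    def record_failure(self, ip: str, user: str, now: float) -> None:
        self._ip_fail[ip].append(now)
        self._user_fail[user].append(now)

    def record_success(self, user: str) -> None:
        # A genuine login clears the per-account bucket but keeps the per-IP one,
        # so a stuffing source that hits one valid pair stays throttled.
        self._user_fail[user].clear()


# Assumed log format, e.g. "2026-03-01T10:00:00Z ip=203.0.113.5 user=alice result=FAIL"
LOG_RE = re.compile(r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$")


def parse_auth_log(lines):
    """Return (epoch_seconds, ip, user, success) tuples; unparseable lines are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts.timestamp(), m["ip"], m["user"], m["result"] == "OK"))
    return events


def detect_login_abuse(events, window_s=300.0, stuffing_users=10, bruteforce_fails=5):
    """Flag IPs failing against many distinct accounts (credential stuffing) and
    accounts receiving many failures (brute force) within a sliding window.
    Returns {'credential_stuffing': {ip: max_distinct_users}, 'brute_force': {user: max_fails}}."""
    ip_window = defaultdict(deque)     # ip -> deque of (ts, user) for failures
    user_window = defaultdict(deque)   # user -> deque of ts for failures
    findings = {"credential_stuffing": {}, "brute_force": {}}
    for ts, ip, user, ok in sorted(events):
        if ok:
            continue
        q = ip_window[ip]
        q.append((ts, user))
        while q and ts - q[0][0] > window_s:
            q.popleft()
        distinct = len({u for _, u in q})
        if distinct >= stuffing_users:
            prev = findings["credential_stuffing"].get(ip, 0)
            findings["credential_stuffing"][ip] = max(prev, distinct)
        uq = user_window[user]
        uq.append(ts)
        while uq and ts - uq[0] > window_s:
            uq.popleft()
        if len(uq) >= bruteforce_fails:
            prev = findings["brute_force"].get(user, 0)
            findings["brute_force"][user] = max(prev, len(uq))
    return findings


# Constructed sample log: one IP spraying 12 accounts, one IP hammering "admin",
# and two ordinary events. Addresses are documentation ranges, not real hosts.
SAMPLE_LOG = (
    [f"2026-03-01T10:00:{i:02d}Z ip=203.0.113.5 user=user{i:02d} result=FAIL" for i in range(12)]
    + [f"2026-03-01T10:01:{i * 5:02d}Z ip=198.51.100.7 user=admin result=FAIL" for i in range(6)]
    + ["2026-03-01T10:02:00Z ip=192.0.2.10 user=alice result=OK",
       "2026-03-01T10:02:30Z ip=192.0.2.11 user=bob result=FAIL"]
)


def run_demo():
    return detect_login_abuse(parse_auth_log(SAMPLE_LOG))


if __name__ == "__main__":
    print(run_demo())
```

The limiter counts failures only, so a legitimate user who types the right password is never throttled by their own successes, while the detector is meant for the monitoring half of the recommendation: run it over the platform's existing login log (adjusting `LOG_RE` to the real format) and alert on anything it returns, since both patterns are what an unprotected login page invites.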
Related ATT&CK Techniques
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-33879 | Auth Bypass | Federated Learning and Interoperability Platform (FLIP) versions 0.1.1 and prior, login page, lack of rate limiting or CAPTCHA |