Threat Advisory

Backpropagate Vulnerability Triggers UI Access Disruption

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical
EXECUTIVE SUMMARY:

CVE-2026-48797 with a CVSS score of 9.3 is an authentication bypass vulnerability affecting the Backpropagate library for fine-tuning large language models. Although the command-line interface flags --auth and --share are documented to enforce HTTP Basic authentication, the underlying Reflex web UI backend fails to read the environment variable or register necessary authentication middleware. Consequently, an attacker who can reach the exposed network port, whether locally or remotely if the --share feature is enabled, can interact with the application without providing credentials. Successful exploitation grants the attacker full control over the training control plane, allowing them to read sensitive uploaded datasets, trigger arbitrary training runs against local base models, and initiate unauthorized exports to the HuggingFace Hub. This poses severe business risks, including intellectual property theft through data exfiltration, resource exhaustion via denial-of-service attacks, and the potential disruption of machine learning operations. Exploitation requires network connectivity to the bound UI port, which is trivially accessible if the system is configured for remote access.
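One way to confirm on your own deployment whether the UI port actually demands HTTP Basic credentials, as an added example that is not from the advisory or the Backpropagate project: `classify_auth` sends a single unauthenticated GET and reports whether a Basic challenge came back. The stub server, the function names and the loopback URLs are constructed for the demonstration; point `classify_auth` at the address your own instance binds to.

```python
import http.server
import threading
import urllib.error
import urllib.request

def classify_auth(url, timeout=5.0):
    """Send one GET with no credentials and classify how the server answers."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    try:
        with opener.open(url, timeout=timeout) as resp:
            status, headers = resp.status, resp.headers
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry status and headers
        status, headers = err.code, err.headers
    except (urllib.error.URLError, OSError):
        return "unreachable"
    challenge = (headers.get("WWW-Authenticate") or "").lower()
    if status == 401 and challenge.startswith("basic"):
        return "enforced"      # credentials demanded before any content
    if 200 <= status < 400:
        return "unprotected"   # content served to an anonymous client
    return "inconclusive"      # 403, 404, 5xx: inspect by hand

class _StubUI(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a UI backend; not Backpropagate or Reflex code."""
    enforce = False  # True models a backend that registered Basic auth
    def do_GET(self):
        denied = self.enforce and not self.headers.get("Authorization")
        self.send_response(401 if denied else 200)
        if denied:
            self.send_header("WWW-Authenticate", 'Basic realm="ui"')
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def demo():
    """Probe two local stubs: auth registered vs. auth flag silently ignored."""
    results = {}
    for name, enforce in (("auth_registered", True), ("flag_ignored", False)):
        handler = type(name, (_StubUI,), {"enforce": enforce})
        server = http.server.HTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        results[name] = classify_auth(f"http://127.0.0.1:{server.server_port}/")
        server.shutdown()
        server.server_close()
    return results

if __name__ == "__main__":
    print(demo())
```

A result of "unprotected" from an instance started with the auth flag means the flag is not being enforced on that port; run the check against every port the UI listens on, since a frontend and its backend may bind separately.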


RECOMMENDATION:

REFERENCES:

The following reports contain further technical details:

https://github.com/advisories/GHSA-f65r-h4g3-3h9h