Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2026-0596

🗓️ 31 Mar 2026 14:25:27Reported by @huntr_aiType 
cve
 cve🔗 web.nvd.nist.gov👁 13 Views🌐 WEB

CVE-2026-0596: Mlflow command injection when serving with enable_mlserver True; model_uri is embedded in a shell command without sanitization, allowing attacker commands and potential privilege escalation.

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
Huntr		Command Injection through bash -c
31 Dec 202514:25
huntr
ATTACKERKB		CVE-2026-0596
31 Mar 202614:25
attackerkb
Circl		CVE-2026-0596
31 Mar 202616:24
circl
CNNVD		MLflow 操作系统命令注入漏洞
31 Mar 202600:00
cnnvd
Cvelist		CVE-2026-0596 Command Injection in mlflow/mlflow
31 Mar 202614:25
cvelist
GithubExploit		Exploit for OS Command Injection in Lfprojects Mlflow
18 May 202610:53
githubexploit
EUVD		EUVD-2026-17415
31 Mar 202615:31
euvd
Github Security Blog		Mlflow: Command Injection when serving models with enable_mlserver=True
31 Mar 202615:31
github
NVD		CVE-2026-0596
31 Mar 202615:16
nvd
OSV		BIT-MLFLOW-2026-0596 Command Injection in mlflow/mlflow
16 Apr 202623:45
osv
Rows per page
NVD
Node
lfprojectsmlflowMatch-
[
  {
    "vendor": "mlflow",
    "product": "mlflow/mlflow",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "latest"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
params.custom_runtime_paramrequest body/invocationsUnsanitized shell command execution when model_uri is embedded into a shell command executed by bash -c during model serving (CWE-78).CWE-78

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
14 Apr 2026 16:01Current
7.4High risk
Vulners AI Score7.4
CVSS 3.17.8
CVSS 39.6
EPSS0.00165
SSVC
CWE-78
mlflow model servingcommand injectionenable mlservermodel urishell commandshell metacharactersprivilege escalation
13