Lucene search
K

BIT-MLFLOW-2026-0596 Command Injection in mlflow/mlflow

🗓️ 16 Apr 2026 23:45:08Reported by GoogleType 
osv
 osv
🔗 osv.dev👁 6 Views

Command injection in mlflow when enable_mlserver is true; unsanitized model_uri in bash -c may enable privilege escalation.

Related
Refs
ReporterTitlePublishedViews
Family
Huntr
Command Injection through bash -c
31 Dec 202514:25
huntr
ATTACKERKB
CVE-2026-0596
31 Mar 202614:25
attackerkb
Circl
CVE-2026-0596
31 Mar 202616:24
circl
CNNVD
MLflow 操作系统命令注入漏洞
31 Mar 202600:00
cnnvd
CVE
CVE-2026-0596
31 Mar 202614:25
cve
Cvelist
CVE-2026-0596 Command Injection in mlflow/mlflow
31 Mar 202614:25
cvelist
GithubExploit
Exploit for OS Command Injection in Lfprojects Mlflow
18 May 202610:53
githubexploit
EUVD
EUVD-2026-17415
31 Mar 202615:31
euvd
Github Security Blog
Mlflow: Command Injection when serving models with enable_mlserver=True
31 Mar 202615:31
github
NVD
CVE-2026-0596
31 Mar 202615:16
nvd
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

29 Jun 2026 12:26Current
7.5High risk
Vulners AI Score7.5
CVSS 3.17.8
CVSS 39.6
EPSS0.01328
SSVC
6