Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the /mlflow-artifacts/mpu/ endpoints in --serve-artifacts mode. An attacker can gain unauthorized access to and overwrite artifacts belonging to other users by manipulating artifactpath and pathfilename argument...

CVE-2026-2651 Missing Authorization Validation in mlflow/mlflow

A vulnerability in MLflow versions =3.10.1.dev0 allows unauthorized access to multipart upload MPU endpoints when the --serve-artifacts mode is enabled. The authorization logic does not enforce resource-level permission checks for /mlflow-artifacts/mpu/ endpoints, enabling attackers to overwrite...

EUVD-2026-31642

A vulnerability in MLflow versions =3.10.1.dev0 allows unauthorized access to multipart upload MPU endpoints when the --serve-artifacts mode is enabled. The authorization logic does not enforce resource-level permission checks for /mlflow-artifacts/mpu/ endpoints, enabling attackers to overwrite...

CVE-2026-2651

MLflow CVE-2026-2651 describes missing authorization validation for MPU endpoints under /mlflow-artifacts/mpu/* when serve-artifacts is enabled. Vulnerable in MLflow versions

CVE-2026-2651

A vulnerability in MLflow versions =3.10.1.dev0 allows unauthorized access to multipart upload MPU endpoints when the --serve-artifacts mode is enabled. The authorization logic does not enforce resource-level permission checks for /mlflow-artifacts/mpu/ endpoints, enabling attackers to overwrite...

PT-2026-43005

Name of the Vulnerable Software and Affected Versions MLflow versions prior to 3.10.0 Description Unauthorized access to multipart upload MPU endpoints is possible when the --serve-artifacts mode is enabled. The authorization logic fails to enforce resource-level permission checks for endpoints...

Access Control Bypass

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Access Control Bypass via the SearchModelVersions REST API endpoin...

CVE-2026-2734 Authorization Bypass in SearchModelVersions in mlflow/mlflow

In mlflow/mlflow versions up to 3.9.0, the SearchModelVersions REST API endpoint and the mlflowSearchModelVersions GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows any authenticated user to enumerate all model versions across all registere...

CVE-2026-2734 Authorization Bypass in SearchModelVersions in mlflow/mlflow

In mlflow/mlflow versions up to 3.9.0, the SearchModelVersions REST API endpoint and the mlflowSearchModelVersions GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows any authenticated user to enumerate all model versions across all registere...

PT-2026-42395

Name of the Vulnerable Software and Affected Versions mlflow/mlflow versions prior to 3.10.0 Description When basic authentication is enabled, the 'SearchModelVersions' REST API endpoint and the 'mlflowSearchModelVersions' GraphQL query lack proper per-model authorization checks. This allows any...

CVE-2026-2611 Improper Origin Validation in mlflow/mlflow

In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. ...

CVE-2026-2611 Improper Origin Validation in mlflow/mlflow

In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. ...

PT-2026-41843

Name of the Vulnerable Software and Affected Versions MLflow version 3.9.0 Description The MLflow Assistant feature contains improper origin validation in its '/ajax-api' endpoints. This allows a remote attacker to use cross-origin requests from a malicious webpage to interact with an MLflow...

CVE-2026-2652

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

CVE-2026-2652 Authentication Bypass in mlflow/mlflow

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

CVE-2026-2652

Summary (CVE-2026-2652) : In mlflow/mlflow

ai.wanaku:core-runtime-camel (>=0.0.4 <=0.0.9), ai.wanaku:core-services (>=0.0.2 <=0.0.3) +1617 more potentially affected by CVE-2026-40860 via org.apache.camel:camel-componentdsl (>=3.10.0 <=4.14.6)

org.apache.camel:camel-componentdsl MAVEN version =3.10.0, =0.0.4, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.7 and more Source cves: CVE-2026-40860 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-16321539...

Poetry has Path Traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4

Summary The extractall function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions where tarfile.datafilter is unavailable. Considering only Python versions which are still supported by Poetry, these are 3.10.0 - 3.10.12 and 3.11.0 ...

a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +645 more potentially affected by CVE-2026-41312 via pypdf (>=3.10.0 <=6.10.1)

pypdf PYPI version =3.10.0, =0.1.1, =0.8.1, =0.9.1, =0.2.0, =0.0.2, =0.0.1, =0.0.1, =0.2.0, =0.1.4, =0.1.0a0.dev0, =1.1.3 and more Source cves: CVE-2026-41312 Source advisory: OSV:GHSA-7GW9-CF7V-778F...

CVE-2026-39844

CVE-2026-39844 affects NiceGUI prior to 3.10.0, where upload file names are sanitized using PurePosixPath(filename).name. On Windows, backslashes are not treated as path separators by PurePosixPath, allowing attackers to bypass sanitization with backslash-filled filenames. If applications constru...