2 matches found
CVE-2026-3198
creationtimestamp| type| source ---|---|--- 2026-06-02 04:48:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnbs4zpp6f2f...
CVE-2026-3198 Improper Access Control in mlflow/mlflow
MLflow 3.9.0 with basic-auth --app-name basic-auth fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the BEFOREREQUESTHANDLERS dictionary in mlflow/server/auth/init.py does not include entries for ListGatewaySecretInfos, ListGatewayEndpoints, and...