1233 matches found
Authorization Bypass in SearchModelVersions Allows Any Authenticated User to Enumerate All Model Versions Regardless of Permissions
Summary MLflow's SearchModelVersions REST API endpoint GET /api/2.0/mlflow/model-versions/search and GraphQL query mlflowSearchModelVersions lack per-model authorization checks when basic auth is enabled. Any authenticated user can enumerate ALL model versions across ALL registered models,...
PT-2026-8004
Name of the Vulnerable Software and Affected Versions MLflow Tracking Server affected versions not specified Description A directory traversal issue exists in the MLflow Tracking Server's artifact handler, potentially leading to remote code execution. The issue involves improper handling of file...
Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution
Description Analyzed project version: MLflow 3.9.0 /version, commit 6e61043b0ff5d845bea479d7e7ea24dcd4b2c629. In MLflow 3.9.0, a new feature called MLflow Assistant was introduced, intended only for local development and designed to integrate with Claude Code accepting requests only from loopback...
Arbitrary File Read via Prompt Tag Source Validation Bypass in CreateModelVersion
The createmodelversion handler in mlflow/server/handlers.py uses a client-controlled tag to decide whether to skip source path validation. When a CreateModelVersion request includes the tag mlflow.prompt.isprompt, the helper ispromptrequest returns True, and the entire source validation block...
SSRF in MLflow via user-controlled webhook URL parameter
Description A Server-Side Request Forgery SSRF vulnerability exists in the webhook creation functionality of MLflow. The createwebhook handler accepts a user-controlled url parameter and stores it without any validation. When webhooks are tested or triggered, the sendwebhookrequest function sends...
CVE-2025-10279
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...
GHSA-76CG-CFHX-373F vulnerabilities
Vulnerabilities for packages: mlflow...
CVE-2024-37052 vulnerabilities
Vulnerabilities for packages: mlflow...
GHSA-4X5P-F36R-MXXR mlflow Creates of Temporary File in Directory with Insecure Permissions
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...
a2 (>=0.1.0 <=0.3.17), abadpour (>=6.13.1 <=7.24.1) +940 more potentially affected by CVE-2025-10279 via mlflow (>=0.8.2 <=3.4.0)
mlflow PYPI version =0.8.2, =0.1.0, =6.13.1, =9.273.1, =1.1.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.0.5, =1.0.0, =0.1.0, =1.1.1 - ai-helpers-pytorch-utils =0.1.0a1 - ailine-core =0.5.5 and more Source cves: CVE-2025-10279 Source advisory: OSV:GHSA-4X5P-F36R-MXXR...
mlflow Creates of Temporary File in Directory with Insecure Permissions
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...
CVE-2025-10279
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...
CVE-2025-10279
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...
CVE-2025-10279
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...
EUVD-2025-206598
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...
CVE-2025-10279 Privilege Escalation in mlflow/mlflow
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...
CVE-2025-10279 Privilege Escalation in mlflow/mlflow
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...
CVE-2025-10279
CVE-2025-10279 affects mlflow 2.20.3 where the temporary directory used to create Python virtual environments is created with world-writable permissions (0o777). This insecure permission setup enables a local attacker with write access to /tmp to race and overwrite .py files inside the venv, enab...
Security Bulletin: The IBM Maximo Application Suite AI-Service component uses multiple third-party dependencies that contain vulnerabilities associated with multiple CVEs.
Summary The IBM Maximo Application Suite AI-Service component uses"langchaincore-0.3.29-py3-none-any.whl, langchaincore-0.3.80-py3-none-any.whl, jsonpath-plus-8.1.0.tgz, mlflow-2.19.0-py3-none-any.whl, pg8000-1.31.2-py3-none-any.whl" which are vulnerable to "CVE-2025-68664, CVE-2024-21534,...
PT-2026-5652
Name of the Vulnerable Software and Affected Versions mlflow versions prior to 3.4.0 Description A flaw exists in mlflow version 2.20.3 where the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This allows an attacker with...