Lucene search
K

7 matches found

OSV
OSV
added 2026/05/26 1:30 p.m.2 views

GHSA-8C7Q-86FQ-VVMH MLflow allows unauthorized access to multipart upload endpoints when the `--serve-artifacts` mode is enabled

A vulnerability in MLflow versions =3.10.1.dev0 allows unauthorized access to multipart upload MPU endpoints when the --serve-artifacts mode is enabled. The authorization logic does not enforce resource-level permission checks for /mlflow-artifacts/mpu/ endpoints, enabling attackers to overwrite...

9CVSS7.9AI score0.00345EPSS
Exploits1References7
PyPA
PyPA
added 2026/05/25 7:16 a.m.3 views

PYSEC-2026-2220

A vulnerability in MLflow versions =3.10.1.dev0 allows unauthorized access to multipart upload MPU endpoints when the --serve-artifacts mode is enabled. The authorization logic does not enforce resource-level permission checks for /mlflow-artifacts/mpu/ endpoints, enabling attackers to overwrite...

9CVSS7.4AI score0.00345EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/25 6:0 a.m.9 views

CVE-2026-2651 Missing Authorization Validation in mlflow/mlflow

A vulnerability in MLflow versions =3.10.1.dev0 allows unauthorized access to multipart upload MPU endpoints when the --serve-artifacts mode is enabled. The authorization logic does not enforce resource-level permission checks for /mlflow-artifacts/mpu/ endpoints, enabling attackers to overwrite...

9CVSS7.8AI score0.00345EPSS
Exploits1References2
CVE
CVE
added 2026/05/25 6:0 a.m.35 views

CVE-2026-2651

MLflow CVE-2026-2651 describes missing authorization validation for MPU endpoints under /mlflow-artifacts/mpu/* when serve-artifacts is enabled. Vulnerable in MLflow versions

9CVSS7.8AI score0.00345EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/05/25 6:0 a.m.3 views

CVE-2026-2651 Missing Authorization Validation in mlflow/mlflow

A vulnerability in MLflow versions =3.10.1.dev0 allows unauthorized access to multipart upload MPU endpoints when the --serve-artifacts mode is enabled. The authorization logic does not enforce resource-level permission checks for /mlflow-artifacts/mpu/ endpoints, enabling attackers to overwrite...

9CVSS7.8AI score0.00345EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/05/25 6:0 a.m.50 views

CVE-2026-2651 Missing Authorization Validation in mlflow/mlflow

A vulnerability in MLflow versions =3.10.1.dev0 allows unauthorized access to multipart upload MPU endpoints when the --serve-artifacts mode is enabled. The authorization logic does not enforce resource-level permission checks for /mlflow-artifacts/mpu/ endpoints, enabling attackers to overwrite...

9CVSS0.00345EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.27 views

PT-2026-43005

Name of the Vulnerable Software and Affected Versions MLflow versions prior to 3.10.0 Description Unauthorized access to multipart upload MPU endpoints is possible when the --serve-artifacts mode is enabled. The authorization logic fails to enforce resource-level permission checks for endpoints...

9CVSS7.8AI score0.00345EPSS
Exploits1References12
Rows per page
Query Builder