Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2026/04/03 6:31 p.m.7 views

azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +15 more potentially affected by CVE-2026-0545 via mlflow-skinny (>=3.0.0 <=3.0.1)

mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =3.0.0, =0.1.0, =0.1.4 and more Source cves: CVE-2026-0545 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-15922302...

9.8CVSS7.7AI score0.04392EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/04/03 6:31 p.m.6 views

databricks-agents (>=0.1.0 <=1.0.0rc1), datamint (>=2.5.0 <=2.5.2) +3 more potentially affected by CVE-2026-0545 via mlflow (>=3.0.0rc2 <=3.0.1)

mlflow PYPI version =3.0.0rc2, =0.1.0, =2.5.0, =0.2.0.dev0, =0.6.7, =0.8.1 Source cves: CVE-2026-0545 Source advisory: SNYK:PYTHON-MLFLOW-15922301...

9.8CVSS7.7AI score0.04392EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/04/03 5:3 p.m.3 views

CVE-2026-0545 Missing Authentication for Critical Function in mlflow/mlflow

In mlflow/mlflow, the FastAPI job endpoints under /ajax-api/3.0/jobs/ are not protected by authentication or authorization when the basic-auth app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled MLFLOWSERVERENABLEJOBEXECUTION=true and any j...

9.1CVSS7.8AI score0.04392EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/03 5:3 p.m.161 views

CVE-2026-0545 Missing Authentication for Critical Function in mlflow/mlflow

In mlflow/mlflow, the FastAPI job endpoints under /ajax-api/3.0/jobs/ are not protected by authentication or authorization when the basic-auth app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled MLFLOWSERVERENABLEJOBEXECUTION=true and any j...

9.1CVSS0.04392EPSS
Exploits1References1
Rows per page
Query Builder