GHSA-5WRP-CWCJ-Q835 vulnerabilities

Vulnerabilities for packages: art, docker-fips, eks-distro-fips, kgateway, neuvector-sigstore-interface-fips, terraform-provider-databricks, aws-iam-authenticator-fips, authentik, azurefile-csi, flux-notification-controller, argo-workflows-fips, consul-k8s, tempo, kubescape-operator-fips, dapr,...

CVE-2026-41178 vulnerabilities

Vulnerabilities for packages: art, docker-fips, eks-distro-fips, kgateway, neuvector-sigstore-interface-fips, terraform-provider-databricks, aws-iam-authenticator-fips, authentik, azurefile-csi, flux-notification-controller, argo-workflows-fips, consul-k8s, tempo, kubescape-operator-fips, dapr,...

Malicious code in databricks-tools-core (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9ecf172545ef84f1fcbeeae028a55d2bb570d68a3356a26526269e267f184a10 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-5809 Malicious code in databricks-tools-core (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9ecf172545ef84f1fcbeeae028a55d2bb570d68a3356a26526269e267f184a10 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

GHSA-W2Q5-6Q6X-X959 vulnerabilities

Vulnerabilities for packages: fulcio-fips, opentofu-fips, gatekeeper-fips, kubelet-csr-approver-fips, agentbeat, kubevirt-cdi-uploadproxy, crossplane-fips, kubernetes, sealed-secrets, flux-helm-controller-fips, cilium-fips, grept, flux-image-automation-controller, flux-operator-fips,...

azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +30 more potentially affected by CVE-2026-4035 via mlflow-skinny (>=3.0.0 <=3.11.0rc0)

mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =7.1.1, =0.2.0, =0.2.1 and more Source cves: CVE-2026-4035 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-17135850...

databricks-agents (>=0.1.0 <=1.0.0rc1), datamint (>=2.5.0 <=2.5.2) +18 more potentially affected by CVE-2026-4035 via mlflow (>=3.0.0rc2 <=3.10.1)

mlflow PYPI version =3.0.0rc2, =0.1.0, =2.5.0, =7.1.1, =0.2.0, =3.10.1, =1.0.1, =1.0.1, =3.0.15, =0.2.0.dev0, =0.6.7, =0.1.19, =0.1.0, =0.1.8 and more Source cves: CVE-2026-4035 Source advisory: SNYK:PYTHON-MLFLOW-17135851...

databricks-agents (>=0.1.0 <=1.0.0rc1), datamint (>=2.5.0 <=2.5.2) +3 more potentially affected by CVE-2026-2651 via mlflow (>=3.0.0rc2 <=3.0.1)

mlflow PYPI version =3.0.0rc2, =0.1.0, =2.5.0, =0.2.0.dev0, =0.6.7, =0.8.1 Source cves: CVE-2026-2651 Source advisory: SNYK:PYTHON-MLFLOW-16874027...

azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +15 more potentially affected by CVE-2026-2651 via mlflow-skinny (>=3.0.0 <=3.0.1)

mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =3.0.0, =0.1.0, =0.1.4 and more Source cves: CVE-2026-2651 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-16874026...

databricks-agents (>=0.1.0 <=1.0.0rc1), datamint (>=2.5.0 <=2.5.2) +18 more potentially affected by CVE-2025-10279 +1 more via mlflow (>=3.0.0rc2 <=3.10.1)

mlflow PYPI version =3.0.0rc2, =0.1.0, =2.5.0, =7.1.1, =0.2.0, =3.10.1, =1.0.1, =1.0.1, =3.0.15, =0.2.0.dev0, =0.6.7, =0.1.19, =0.1.0, =0.1.8 and more Source cves: CVE-2025-10279, CVE-2026-4137 Source advisory: SNYK:PYTHON-MLFLOW-16756601...

GHSA-F2M9-WCF4-CWWX MLFlow Creates a Temporary File With Insecure Permissions

In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...

EUVD-2026-30807

In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...

CVE-2026-4137

CVE-2026-4137 : In mlflow/mlflow before 3.11.0, two temp-dir creation paths expose world/group-writable permissions: get_or_create_nfs_tmp_dir() creates 0o777 and _create_model_downloading_tmp_dir() creates 0o770. This enables local attackers with access to shared NFS mounts (e.g., Databricks) to...

PT-2026-41733

Name of the Vulnerable Software and Affected Versions mlflow versions prior to 3.11.0 Description The get or create nfs tmp dir function in mlflow/utils/file utils.py creates temporary directories with world-writable permissions 0o777, and the create model downloading tmp dir function in...

databricks-agents (>=0.1.0 <=1.0.0rc1), datamint (>=2.5.0 <=2.5.2) +3 more potentially affected by CVE-2026-2652 via mlflow (>=3.0.0rc2 <=3.0.1)

mlflow PYPI version =3.0.0rc2, =0.1.0, =2.5.0, =0.2.0.dev0, =0.6.7, =0.8.1 Source cves: CVE-2026-2652 Source advisory: SNYK:PYTHON-MLFLOW-16698137...

azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +15 more potentially affected by CVE-2026-2652 via mlflow-skinny (>=3.0.0 <=3.0.1)

mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =3.0.0, =0.1.0, =0.1.4 and more Source cves: CVE-2026-2652 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-16698136...

databricks-agents (>=0.1.0 <=1.0.0rc1), datamint (>=2.5.0 <=2.5.2) +3 more potentially affected by CVE-2026-2614 via mlflow (>=3.0.0rc2 <=3.0.1)

mlflow PYPI version =3.0.0rc2, =0.1.0, =2.5.0, =0.2.0.dev0, =0.6.7, =0.8.1 Source cves: CVE-2026-2614 Source advisory: SNYK:PYTHON-MLFLOW-16643490...

azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +15 more potentially affected by CVE-2026-2393 via mlflow-skinny (>=3.0.0 <=3.0.1)

mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =3.0.0, =0.1.0, =0.1.4 and more Source cves: CVE-2026-2393 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-16642072...

databricks-agents (>=0.1.0 <=1.0.0rc1), datamint (>=2.5.0 <=2.5.2) +3 more potentially affected by CVE-2026-2393 via mlflow (>=3.0.0rc2 <=3.0.1)

mlflow PYPI version =3.0.0rc2, =0.1.0, =2.5.0, =0.2.0.dev0, =0.6.7, =0.8.1 Source cves: CVE-2026-2393 Source advisory: SNYK:PYTHON-MLFLOW-16642071...

📄 Apache Airflow Databricks Provider Certificate Verification Bypass

The Apache Airflow Databricks Provider package disables TLS certificate verification when communicating with the Kubernetes API server during federated token exchange. Both the synchronous and asynchronous code paths use verify=False / ssl=False, allowing any attacker with network access within t...