CVE-2026-8147
CVE-2026-8147 – MLflow trace API authorization bypass: In MLflow versions prior to 3.14.0 running with authentication enabled, the trace API endpoints lack proper authorization validators because the _before_request handler does not register validators for trace endpoints. This allows any authen...