Lucene search
K

4 matches found

OSV
OSV
added 2026/05/19 8:53 a.m.12 views

BIT-MLFLOW-2026-2652 Authentication Bypass in mlflow/mlflow

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

8.6CVSS6AI score0.01502EPSS
Exploits1References3
OSV
OSV
added 2026/05/15 2:13 a.m.1 views

CVE-2026-2652 Authentication Bypass in mlflow/mlflow

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

8.6CVSS7.4AI score0.01502EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/03 5:3 p.m.3 views

CVE-2026-0545 Missing Authentication for Critical Function in mlflow/mlflow

In mlflow/mlflow, the FastAPI job endpoints under /ajax-api/3.0/jobs/ are not protected by authentication or authorization when the basic-auth app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled MLFLOWSERVERENABLEJOBEXECUTION=true and any j...

9.1CVSS7.8AI score0.04392EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
added 2025/10/03 12:0 a.m.5 views

MLflow Weak Password Requirements Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from weak password requirements. An attacker can...

8.1CVSS7.2AI score0.01492EPSS
Exploits0References1
Rows per page
Query Builder