204 matches found
CVE-2026-13484
A flaw was found in MLflow. This vulnerability, located in the Experiment-scoped Label Schema CRUD API, allows a remote attacker to exploit missing authorization. This could lead to unauthorized access or manipulation of data within the affected component. The attack has a high complexity, making...
PYSEC-2026-417 Remote Code Execution due to Full Controled File Write in mlflow
The mlflow web server includes tools for tracking experiments, packaging code into reproducible runs, and sharing and deploying models. As this vulnerability allows to write / overwrite any file on the file system, it gives a lot of ways to archive code execution like overwriting /home//.bashrc. ...
CVE-2026-13484
A vulnerability has been found in MLflow up to 4666cffc7912ea606d592fc38d6a75e2935f65e7. The impacted element is an unknown function of the component Experiment-scoped Label Schema CRUD API. Such manipulation leads to missing authorization. It is possible to launch the attack remotely. A high...
GHSA-63HW-FMQ6-XXG2 vulnerabilities
Vulnerabilities for packages: mlflow, open-webui...
CVE-2026-2652
A flaw was found in mlflow. When the mlflow server is configured with basic authentication and served via uvicorn, an architectural mismatch in the FastAPI permission middleware allows unauthenticated remote attackers to bypass authentication on specific routes. This bypass enables attackers to...
CVE-2026-4137
A flaw was found in mlflow/mlflow. Insecure permissions on temporary directories allow local attackers to tamper with model artifacts, such as cloudpickle-serialized Python objects. This manipulation can lead to arbitrary code execution when the tampered artifacts are deserialized. This...
BIT-MLFLOW-2026-4035 Environment Variable Resolution Vulnerability in mlflow/mlflow
A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the apikey field in...
BIT-MLFLOW-2026-4137 Incomplete Fix for CVE-2025-10279: Insecure Temporary Directory Permissions in mlflow/mlflow
In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...
a2 (>=0.1.0 <=0.3.17), abadpour (>=6.13.1 <=7.24.1) +952 more potentially affected by CVE-2026-10803 via mlflow (>=0.8.2 <=3.9.0)
mlflow PYPI version =0.8.2, =0.1.0, =6.13.1, =9.273.1, =1.1.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.0.5, =1.0.0, =0.1.0, =1.1.1 - ai-helpers-pytorch-utils =0.1.0a1 - ailine-core =0.5.5 and more Source cves: CVE-2026-10803 Source advisory: SNYK:PYTHON-MLFLOW-17173043...
a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +346 more potentially affected by CVE-2026-10803 via mlflow (>=0.8.2 <=3.10.0)
mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2026-10803 Source advisory: OSV:PYSEC-2026-195...
databricks-agents (>=0.1.0 <=1.0.0rc1), datamint (>=2.5.0 <=2.5.2) +18 more potentially affected by CVE-2026-4035 via mlflow (>=3.0.0rc2 <=3.10.1)
mlflow PYPI version =3.0.0rc2, =0.1.0, =2.5.0, =7.1.1, =0.2.0, =3.10.1, =1.0.1, =1.0.1, =3.0.15, =0.2.0.dev0, =0.6.7, =0.1.19, =0.1.0, =0.1.8 and more Source cves: CVE-2026-4035 Source advisory: SNYK:PYTHON-MLFLOW-17135851...
CVE-2026-4035 Environment Variable Resolution Vulnerability in mlflow/mlflow
A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the apikey field in...
CVE-2026-4035
CVE-2026-4035 affects mlflow/mlflow versions before 3.11.0. The API for AI Gateway secrets allows the api_key field to contain $ENV_VAR references, which are resolved against the MLflow server environment at runtime. Attackers can exfiltrate server-side environment credentials (e.g., AWS_ACCESS_K...
CVE-2026-2614
A flaw was found in mlflow. An unauthenticated remote attacker can exploit a vulnerability in the createmodelversion handler by including a specific tag, mlflow.prompt.isprompt, in a CreateModelVersion request. This bypasses source path validation, allowing the attacker to specify an arbitrary...
Exploit for Deserialization of Untrusted Data in Lfprojects Mlflow
CVE-2024-37054 — MLflow pyfunc Deserialization RCE Severity...
databricks-agents (>=0.1.0 <=1.0.0rc1), datamint (>=2.5.0 <=2.5.2) +18 more potentially affected by CVE-2025-10279 +1 more via mlflow (>=3.0.0rc2 <=3.10.1)
mlflow PYPI version =3.0.0rc2, =0.1.0, =2.5.0, =7.1.1, =0.2.0, =3.10.1, =1.0.1, =1.0.1, =3.0.15, =0.2.0.dev0, =0.6.7, =0.1.19, =0.1.0, =0.1.8 and more Source cves: CVE-2025-10279, CVE-2026-4137 Source advisory: SNYK:PYTHON-MLFLOW-16756601...
a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +356 more potentially affected by CVE-2026-4137 via mlflow (>=0.8.2 <=3.10.1)
mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2026-4137 Source advisory: OSV:GHSA-F2M9-WCF4-CWWX...
databricks-agents (>=0.1.0 <=1.0.0rc1), datamint (>=2.5.0 <=2.5.2) +3 more potentially affected by CVE-2026-2652 via mlflow (>=3.0.0rc2 <=3.0.1)
mlflow PYPI version =3.0.0rc2, =0.1.0, =2.5.0, =0.2.0.dev0, =0.6.7, =0.8.1 Source cves: CVE-2026-2652 Source advisory: SNYK:PYTHON-MLFLOW-16698137...
EUVD-2026-30499
A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...
EUVD-2026-29180
A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...