Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/06/02 10:52 p.m.14 views

CVE-2026-2614

A flaw was found in mlflow. An unauthenticated remote attacker can exploit a vulnerability in the createmodelversion handler by including a specific tag, mlflow.prompt.isprompt, in a CreateModelVersion request. This bypasses source path validation, allowing the attacker to specify an arbitrary...

7.5CVSS7.1AI score0.00696EPSS
Exploits1References5
OSV
OSV
added 2026/05/28 8:50 a.m.8 views

BIT-MLFLOW-2026-2614 Arbitrary File Read via Prompt Tag Source Validation Bypass in mlflow/mlflow

A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...

7.5CVSS7.3AI score0.00696EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/05/11 7:2 p.m.42 views

CVE-2026-2614 Arbitrary File Read via Prompt Tag Source Validation Bypass in mlflow/mlflow

A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...

7.5CVSS0.00696EPSS
Exploits1References2
CVE
CVE
added 2026/05/11 7:2 p.m.12 views

CVE-2026-2614

Summary: CVE-2026-2614 affects mlflow/mlflow

7.5CVSS7.3AI score0.00696EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 7:2 p.m.8 views

CVE-2026-2614 Arbitrary File Read via Prompt Tag Source Validation Bypass in mlflow/mlflow

A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...

7.5CVSS7.3AI score0.00696EPSS
Exploits1References2
Huntr
Huntr
added 2026/02/10 7:2 p.m.38 views

Arbitrary File Read via Prompt Tag Source Validation Bypass in CreateModelVersion

The createmodelversion handler in mlflow/server/handlers.py uses a client-controlled tag to decide whether to skip source path validation. When a CreateModelVersion request includes the tag mlflow.prompt.isprompt, the helper ispromptrequest returns True, and the entire source validation block...

7.5CVSS7.3AI score0.00696EPSS
Exploits1
Rows per page
Query Builder