Lucene search
K

4 matches found

Snyk
Snyk
added 2026/05/21 7:35 a.m.10 views

Access Control Bypass

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Access Control Bypass via the SearchModelVersions REST API endpoin...

7.1CVSS6.7AI score0.00441EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/21 3:49 a.m.43 views

CVE-2026-2734 Authorization Bypass in SearchModelVersions in mlflow/mlflow

In mlflow/mlflow versions up to 3.9.0, the SearchModelVersions REST API endpoint and the mlflowSearchModelVersions GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows any authenticated user to enumerate all model versions across all registere...

6.5CVSS0.00441EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/21 3:49 a.m.10 views

CVE-2026-2734 Authorization Bypass in SearchModelVersions in mlflow/mlflow

In mlflow/mlflow versions up to 3.9.0, the SearchModelVersions REST API endpoint and the mlflowSearchModelVersions GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows any authenticated user to enumerate all model versions across all registere...

6.5CVSS6.5AI score0.00441EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

MLflow 访问控制错误漏洞

MLFlow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code into repeatable runs, and sharing and deploying models. Versions of mlflow prior to 3.9.0 contained a access control vulnerability. This vulnerability...

6.5CVSS6.7AI score0.00441EPSS
Exploits1References2
Rows per page
Query Builder