Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the apikey field in gateway secrets, which accepts environment variable references that are resolved against server-side credentials. An attacker can obtain sensitive environment...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the /mlflow-artifacts/mpu/ endpoints in --serve-artifacts mode. An attacker can gain unauthorized access to and overwrite artifacts belonging to other users by manipulating artifactpath and pathfilename argument...

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the SearchModelVersions REST API endpoint and the mlflowSearchModelVersions GraphQL query. An attacker can access sensitive information, including model names, version descriptions, source URIs, tags, and other...

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error in the /ajax-api endpoints. An attacker can gain unauthorized access to the Assistant's configuration and execute arbitrary commands by sending crafted cross-origin requests from a malicious webpage. Remediation...

Creation of Temporary File With Insecure Permissions

Overview Affected versions of this package are vulnerable to Creation of Temporary File With Insecure Permissions via the getorcreatenfstmpdir and createmodeldownloadingtmpdir functions. An attacker can modify model artifacts by exploiting these permissions, potentially leading to arbitrary code...

azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +15 more potentially affected by CVE-2026-2652 via mlflow-skinny (>=3.0.0 <=3.0.1)

mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =3.0.0, =0.1.0, =0.1.4 and more Source cves: CVE-2026-2652 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-16698136...

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness via the findfastapivalidator function. An attacker can gain unauthorized access to sensitive API endpoints by sending requests to non-/gateway/ paths when the server is started with authenticati...

azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +15 more potentially affected by CVE-2026-2614 via mlflow-skinny (>=3.0.0 <=3.0.1)

mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =3.0.0, =0.1.0, =0.1.4 and more Source cves: CVE-2026-2614 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-16643511...

azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +15 more potentially affected by CVE-2026-2393 via mlflow-skinny (>=3.0.0 <=3.0.1)

mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =3.0.0, =0.1.0, =0.1.4 and more Source cves: CVE-2026-2393 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-16642072...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in validatewebhookurl, in validate.py. The createwebhook function accepts a user-controlled url parameter without validation. An attacker can cause the backend to send HTTP requests to internal services,...

azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +24 more potentially affected by CVE-2026-33865 via mlflow-skinny (>=3.0.0 <=3.11.0rc0)

mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =7.1.1, =3.0.0, =3.11.0rc0 and more Source cves: CVE-2026-33865 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-15923608...

azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +24 more potentially affected by CVE-2026-33866 via mlflow-skinny (>=3.0.0 <=3.11.0rc0)

mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =7.1.1, =3.0.0, =3.11.0rc0 and more Source cves: CVE-2026-33866 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-15923600...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to missing access-control validation in the AJAX endpoint used for downloading saved model artifacts. An attacker can gain unauthorized access to model artifacts by directly querying this endpoint without prope...

abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +861 more potentially affected by CVE-2026-0545 via mlflow-skinny (>=1.19.0 <=3.9.0rc0)

mlflow-skinny PYPI version =1.19.0, =6.13.1, =9.273.1, =1.1.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.2.1 - ainpp-pb-latam =1.0.0b2 and more Source cves: CVE-2026-0545 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-15922302...

abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +721 more potentially affected by CVE-2026-0596 via mlflow-skinny (>=3.0.0 <=3.9.0)

mlflow-skinny PYPI version =3.0.0, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =1.1.0, =0.1.0, =0.20.9, =0.21.10 and more Source cves: CVE-2026-0596 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-15918170...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection when serving models with enablemlserver=True due to unsanitized input being embedded into a shell command. An attacker can execute arbitrary commands by supplying specially crafted model URIs containing shell...

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection in the installmodeldependenciestoenv function. An attacker can execute arbitrary commands by supplying a crafted model artifact containing malicious dependency specifications in the pythonenv.yaml file, which...

abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +861 more potentially affected by CVE-2025-15379 via mlflow-skinny (>=1.19.0 <=3.9.0rc0)

mlflow-skinny PYPI version =1.19.0, =6.13.1, =9.273.1, =1.1.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.2.1 - ainpp-pb-latam =1.0.0b2 and more Source cves: CVE-2025-15379 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-15857931...

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip via the extractarchivetodir function. An attacker can overwrite arbitrary files or gain elevated privileges by supplying a crafted tar.gz file containing malicious paths during...

abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +721 more potentially affected by CVE-2025-15036 via mlflow-skinny (>=3.0.0 <=3.9.0)

mlflow-skinny PYPI version =3.0.0, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =1.1.0, =0.1.0, =0.20.9, =0.21.10 and more Source cves: CVE-2025-15036 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-16698206...