2 matches found
MLflow < 3.8.0 Authentication Bypass (ZDI-26-111)
The version of MLflow installed on the remote host is prior to 3.8.0. It is, therefore, affected by an authentication bypass vulnerability: - A use of default password vulnerability exists in the basicauth.ini file. The file contains hard-coded default credentials that allow remote, unauthenticat...
CVE-2026-2635
creationtimestamp| type| source ---|---|--- 2026-02-19 05:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-26-111/ 2026-02-21 00:00:36+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfdcx3zcw32k 2026-03-01 00:01:22+00:00| seen|...