41 matches found
CVE-2023-1177
CVE-2023-1177 is a path traversal / local-file-inclusion vulnerability in mlflow/mlflow prior to 2.2.1. Affects the MLflow server endpoints handling model-versions and artifacts (e.g., GET /model-versions/get-artifact) where a crafted path can disclose files outside the intended directory. Concre...
CVE-2024-3848
CVE-2024-3848 affects mlflow/mlflow up to version 2.11.0. The path traversal stems from improper handling of the fragment component in artifact URLs, where a ‘#’ can insert a path into the URL fragment and bypass validation, allowing an attacker to read arbitrary files by mapping the URL to a fil...
CVE-2022-0736
CVE-2022-0736 affects mlflow/mlflow prior to 1.23.1, describing an insecure temporary file issue. The root cause is use of the deprecated tempfile.mktemp() pattern in the affected code, with remediation to upgrade to mlflow 1.23.1 or later as indicated by OSV/GHSA entries. The connected sources c...
CVE-2023-6909
Mlflow up to version 2.9.2 is affected by CVE-2023-6909: a path traversal in the repository mlflow/mlflow allows escaping to read sensitive files via the sequence \..\filename. The vulnerability affects the mlflow/mlflow project prior to 2.9.2 and is classified as CWE-29. Impact in the NVD/NVD-de...
CVE-2024-4263
CVE-2024-4263 describes a broken access control in mlflow/mlflow prior to 2.10.1, where users with EDIT permissions on an experiment can delete artifacts they should only be able to read/update. The issue stems from insufficient validation of DELETE requests for artifact deletions, enabling unaut...
CVE-2024-27134
CVE-2024-27134 : Multiple connected sources confirm a vulnerability in MLflow’s spark_udf API where excessive directory permissions allow a local attacker to achieve privilege escalation via a ToCToU attack. Affected: MLflow (spark_udf path) with local execution context. Root cause: insufficient ...
CVE-2023-2356
CVE-2023-2356 is a Relative Path Traversal flaw in mlflow/mlflow before 2.3.1. The connected sources (Nuclei template, OSV entries, GHSA advisories) describe a vulnerability allowing traversal to read sensitive server files (LFI) via a crafted path. Affected software: mlflow/mlflow, versions prio...
CVE-2023-3765
MLflow (mlflow/mlflow) prior to version 2.5.0 contains an Absolute Path Traversal vulnerability. The issue arises in an MLflow repository and can lead to unauthorized access to sensitive information stored on the server. According to the connected sources, the affected component is mlflow/mlflow’...
CVE-2023-1176
The CVE affects the open source MLflow project mlflow/mlflow prior to version 2.2.2 (ABSOLUTE PATH TRAVERSAL). Documented in multiple sources, the vulnerability allows an attacker to traverse the filesystem to access arbitrary files on the host via the mlflow server/ui workflow (attack vector: LO...
CVE-2024-0520
CVE-2024-0520 affects mlflow/mlflow v8.2.1, enabling remote code execution via command injection in mlflow.data.http_dataset_source.py when loading an HTTP URL dataset. The filename gathered from Content-Disposition or URL path is used to form the final file path without proper sanitization, allo...
CVE-2023-2780
CVE-2023-2780 affects the open-source project mlflow/mlflow prior to version 2.3.1. A path traversal flaw, described as a Local File Inclusion bypass via the payload "..\filename", can allow an attacker to read local files on the server. The Nuclei/NVD entries consistently reference this vulnerab...
CVE-2024-1483
Summary: CVE-2024-1483 is a path traversal vulnerability in mlflow/mlflow 2.9.2 that allows an attacker to access arbitrary server files. The issue stems from insufficient validation of user-supplied input in server handlers, enabling traversal via crafted HTTP POST requests using crafted artifac...
CVE-2023-6015
CVE-2023-6015 corresponds to MLflow where the server could be subjected to an arbitrary file upload. Multiple connected sources corroborate: the vulnerability is described as allowing arbitrary files to be PUT onto the MLflow server, with various third-party advisories and vulnerability databases...
CVE-2025-1474
Summary: CVE-2025-1474 affects mlflow/mlflow 2.18, where an admin can create a new user account without a password, potentially enabling unauthorized access. The issue is fixed in version 2.19.0. Reports across multiple sources (Red Hat, CIRCL, GHSA, osv, NVD, OSV) corroborate the same descriptio...
CVE-2024-1558
CVE-2024-1558 (mlflow/mlflow) describes a path traversal vulnerability in the function _create_model_version() in server/handlers.py due to improper validation of the source parameter. Attackers can bypass the check in _validate_non_local_source_contains_relative_paths(source) and gain arbitrary ...
CVE-2023-30172
CVE-2023-30172 describes a directory traversal in the mlflow platform’s /get-artifact API, allowing an attacker to read arbitrary server files via the path parameter. Affected: mlflow up to v2.0.1. Underlying cause: directory traversal in the get-artifact endpoint. Impact is high on confidentiali...
CVE-2024-1594
CVE-2024-1594 is a path traversal vulnerability in mlflow/mlflow related to handling of artifact_location when creating an experiment. The connected OSV entry states that a fragment component # in the artifact URL can be used to bypass validation and allow reading arbitrary files on the server wi...
CVE-2024-2928
Summary: MLflow
CVE-2023-6831
mlflow/mlflow prior to 2.9.2 is exposed to a path traversal in artifact deletion. The root cause is a double decoding path handling: _delete_artifact_mlflow_artifacts and local_file_uri_to_path allow traversal due to an extra unquote operation in delete_artifacts. This can enable deletion of arbi...
CVE-2024-1593
This CVE describes a path traversal vulnerability in the mlflow/mlflow repository caused by improper handling of URL parameters. Attackers can smuggle path traversal sequences using the ';' character in URLs to manipulate the 'params' portion and access unauthorized files or directories. The repo...
CVE-2024-3573
The CVE-2024-3573 entry concerns mlflow/mlflow with a Local File Inclusion (LFI) caused by improper parsing of URIs in the is_local_uri logic. The issue misclassifies URIs with empty or file schemes as non-local, enabling an attacker to craft malicious model versions (source parameter) that bypas...
CVE-2023-6014
CVE-2023-6014 affects MLflow and describes an authentication bypass that lets an attacker arbitrarily create accounts via the MLflow server/UI without credentials. Documentation in connected sources confirms the vulnerability stems from bypassing MLflow’s authentication mechanism (basic auth path...
CVE-2026-4035
CVE-2026-4035 affects mlflow/mlflow versions before 3.11.0. The API for AI Gateway secrets allows the api_key field to contain $ENV_VAR references, which are resolved against the MLflow server environment at runtime. Attackers can exfiltrate server-side environment credentials (e.g., AWS_ACCESS_K...
CVE-2023-6940
CVE-2023-6940 is a command-injection vulnerability affecting mlflow where a single user interaction (e.g., loading a malicious config) can lead to full command execution on the host. The publicly documented root cause in at least one source is unsafe YAML/config rendering due to not sandboxing th...
CVE-2023-6974
CVE-2023-6974 is a server-side request forgery (SSRF) affecting MLflow. The connected documents describe an issue where a malicious user can abuse redirects during artifact fetching to access internal HTTP(S) servers and, in the worst case, achieve remote code execution on the victim machine. The...
CVE-2023-4033
CVE-2023-4033 : The connected documents confirm an OS Command Injection vulnerability affecting the project mlflow/mlflow prior to version 2.6.0 . The sources (OSV, GHSA, NVD, and related advisories) consistently describe it as an OS command injection issue in that repository/version range. The d...
CVE-2023-6753
CVE-2023-6753 is a path traversal vulnerability in mlflow/mlflow prior to 2.9.2. Affected software: mlflow/mlflow. Root cause: path traversal allowing access to files beyond the intended directory. Impact per CVE metrics: Confidentiality, Integrity, and Availability high. Exploitation details and...
CVE-2023-6709
CVE-2023-6709 affects mlflow/mlflow up to version 2.9.1 (prior to 2.9.2). The issue is improper neutralization of special elements used in a template engine (Jinja2), enabling template injection with potential arbitrary code execution. Affected component: mlflow/mlflow templates; root cause: inse...
CVE-2023-6975
CVE-2023-6975 is described in the connected data as a path traversal vulnerability related to MLflow (BIT-MLFLOW-2023-6975 / GHSA ...), potentially allowing command execution and access to data and models. The supplied documents do not provide explicit affected versions or remediation details; no...
CVE-2023-6976
CVE-2023-6976 is an Arbitrary File Write issue described across multiple sources (NVD, Red Hat, OSV, Veracode, GitHub advisories) affecting the server process’s ability to write files to arbitrary locations on the remote filesystem. Public descriptions consistently state the vulnerability enables...
CVE-2025-14279
The CVE details a DNS rebinding vulnerability in MLflow up to version 3.4.0 caused by lack of Origin header validation in the MLflow REST server. The issue allows an attacker to bypass Same-Origin Policy and issue unauthorized requests to REST endpoints, enabling querying, updating, and deleting ...
CVE-2025-11201
CVE-2025-11201 is a Directory Traversal leading to Remote Code Execution in MLflow Tracking Server. The flaw arises from improper validation of a user-supplied model file path, allowing an attacker to execute code with the service account via crafted paths over the network without authentication....
CVE-2026-2652
Summary (CVE-2026-2652) : In mlflow/mlflow
CVE-2025-15036
CVE-2025-15036 concerns a path-traversal vulnerability in the mlflow/mlflow project, specifically in mlflow/pyfunc/dbconnect_artifact_cache.py within extract_archive_to_dir(). The issue arises from unvalidated tar member paths during extraction, allowing a tar.gz controlled by an attacker to over...
CVE-2025-14287
Summary: CVE-2025-14287 is a command-injection in mlflow/mlflow prior to v3.7.0. The flaw resides in mlflow/sagemaker/init .py (lines 161–167) where user-supplied container image names are directly interpolated into shell commands and executed with os.system(), enabling arbitrary command executio...
CVE-2026-2393
CVE-2026-2393: MLflow prior to 3.9.0 is vulnerable to SSRF via a user-controlled webhook URL. The _create_webhook() handler stores the URL without validation, and _send_webhook_request() POSTs to that URL, enabling an authenticated attacker to cause the MLflow backend to reach internal services, ...
CVE-2026-2734
Summary : For mlflow/mlflow up to version 3.9.0, the REST endpoint GET /api/2.0/mlflow/model-versions/search and the GraphQL query mlflowSearchModelVersions lack per-model authorization when basic auth is enabled. This results in any authenticated user being able to enumerate all model versions a...
CVE-2026-4137
CVE-2026-4137 : In mlflow/mlflow before 3.11.0, two temp-dir creation paths expose world/group-writable permissions: get_or_create_nfs_tmp_dir() creates 0o777 and _create_model_downloading_tmp_dir() creates 0o770. This enables local attackers with access to shared NFS mounts (e.g., Databricks) to...
CVE-2025-10279
CVE-2025-10279 affects mlflow 2.20.3 where the temporary directory used to create Python virtual environments is created with world-writable permissions (0o777). This insecure permission setup enables a local attacker with write access to /tmp to race and overwrite .py files inside the venv, enab...
CVE-2026-8147
CVE-2026-8147 – MLflow trace API authorization bypass : In MLflow versions prior to 3.14.0 running with authentication enabled, the trace API endpoints lack proper authorization validators because the _before_request handler does not register validators for trace endpoints. This allows any authen...
CVE-2026-2614
Summary: CVE-2026-2614 affects mlflow/mlflow