CVE-2026-2614
- EPSS 0.7%
- Veröffentlicht 11.05.2026 19:02:46
- Zuletzt bearbeitet 02.07.2026 12:17:02
A vulnerability in the `_create_model_version()` handler of `mlflow/server/handlers.py` in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when ...
CVE-2026-2393
- EPSS 0.29%
- Veröffentlicht 11.05.2026 18:16:31
- Zuletzt bearbeitet 27.05.2026 19:05:55
A Server-Side Request Forgery (SSRF) vulnerability exists in MLflow versions prior to 3.9.0. The `_create_webhook()` function in `mlflow/server/handlers.py` accepts a user-controlled `url` parameter without validation, and the `_send_webhook_request(...
CVE-2026-33866
- EPSS 0.36%
- Veröffentlicht 07.04.2026 12:57:44
- Zuletzt bearbeitet 20.04.2026 18:45:16
MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint and retrie...
CVE-2026-33865
- EPSS 0.22%
- Veröffentlicht 07.04.2026 12:57:38
- Zuletzt bearbeitet 20.04.2026 18:44:12
MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can upload a malicious MLmodel file containing a payload that executes when another use...
CVE-2026-0545
- EPSS 4.39%
- Veröffentlicht 03.04.2026 17:03:12
- Zuletzt bearbeitet 30.06.2026 03:17:02
In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization when the `basic-auth` app is enabled. This vulnerability affects the latest version of the repository. If job execution is e...
CVE-2026-0596
- EPSS 1.33%
- Veröffentlicht 31.03.2026 14:25:27
- Zuletzt bearbeitet 14.04.2026 16:01:29
A command injection vulnerability exists in mlflow/mlflow when serving a model with `enable_mlserver=True`. The `model_uri` is embedded directly into a shell command executed via `bash -c` without proper sanitization. If the `model_uri` contains shel...
CVE-2025-15379
- EPSS 1.99%
- Veröffentlicht 30.03.2026 07:16:57
- Zuletzt bearbeitet 30.06.2026 03:16:45
A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_install_model_dependencies_to_env()` function. When deploying a model with `env_manager=LOCAL`, MLflow reads dependency specificat...
- EPSS 0.59%
- Veröffentlicht 30.03.2026 01:16:06
- Zuletzt bearbeitet 30.06.2026 03:16:45
A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack ...
CVE-2025-15381
- EPSS 0.33%
- Veröffentlicht 27.03.2026 16:17:30
- Zuletzt bearbeitet 30.06.2026 03:16:45
In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with `NO_PERMISSIONS` on the experiment, to...
CVE-2025-15031
- EPSS 0.85%
- Veröffentlicht 18.03.2026 22:06:47
- Zuletzt bearbeitet 30.06.2026 03:16:45
A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path validation enables crafted tar.gz files containing `..`...