VYPR
High severity7.8NVD Advisory· Published Mar 31, 2026· Updated Apr 14, 2026

CVE-2026-0596

CVE-2026-0596

Description

A command injection vulnerability exists in mlflow/mlflow when serving a model with enable_mlserver=True. The model_uri is embedded directly into a shell command executed via bash -c without proper sanitization. If the model_uri contains shell metacharacters, such as $() or backticks, it allows for command substitution and execution of attacker-controlled commands. This vulnerability affects the latest version of mlflow/mlflow and can lead to privilege escalation if a higher-privileged service serves models from a directory writable by lower-privileged users.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
mlflowPyPI
< 3.9.03.9.0

Affected products

3
  • Mlflow/Mlflow2 versions
    cpe:2.3:a:lfprojects:mlflow:-:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:lfprojects:mlflow:-:*:*:*:*:*:*:*
    • (no CPE)range: latest
  • osv-coords
    Range: < 3.11.1

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.