CVE-2026-2614
Description
A vulnerability in the _create_model_version() handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag mlflow.prompt.is_prompt, which bypasses source path validation. This enables an attacker to store an arbitrary local filesystem path as the model version source. The get_model_version_artifact_handler() function later uses this source to serve files without verifying the model version's prompt status, leading to a complete confidentiality compromise. This issue is fixed in version 3.10.0.
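For operators reviewing a registry that ran an affected version, the following added example (not MLflow code and not part of the advisory) flags model versions whose stored source is a local filesystem path outside the expected artifact directory, and notes whether the `mlflow.prompt.is_prompt` tag is set. The record shape, the sample values, and the `/srv/mlflow/artifacts` root are assumptions made for illustration; the check is lexical, assumes POSIX paths, and does not resolve symlinks.

```python
import posixpath
from urllib.parse import unquote, urlparse

PROMPT_TAG = "mlflow.prompt.is_prompt"  # tag named in the CVE description


def local_path(source):
    """Return the local path a source refers to, or None for a remote URI."""
    parsed = urlparse(source)
    if parsed.scheme == "file":
        return unquote(parsed.path)
    if parsed.scheme == "":
        return source  # schemeless sources are treated as filesystem paths
    return None


def audit(records, allowed_root):
    """Flag versions whose local source normalizes to outside allowed_root."""
    root = posixpath.normpath(allowed_root)
    findings = []
    for rec in records:
        path = local_path(rec["source"])
        if path is None:
            continue
        norm = posixpath.normpath(path)
        if norm == root or norm.startswith(root + "/"):
            continue
        findings.append({
            "name": rec["name"],
            "version": rec["version"],
            "source": rec["source"],
            "prompt_tagged": PROMPT_TAG in rec.get("tags", {}),
        })
    return findings


# Constructed sample records (hypothetical export shape, not MLflow output).
SAMPLE = [
    {"name": "churn", "version": 1, "source": "s3://ml-bucket/1/model", "tags": {}},
    {"name": "churn", "version": 2, "source": "file:///srv/mlflow/artifacts/7/model", "tags": {}},
    {"name": "p1", "version": 1, "source": "/opt/other-app/config.yaml", "tags": {PROMPT_TAG: "true"}},
    {"name": "p2", "version": 1, "source": "file:///srv/mlflow/artifacts/../secrets/key.pem", "tags": {PROMPT_TAG: "true"}},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, "/srv/mlflow/artifacts"):
        print(finding)
```

Any finding with `prompt_tagged` set is worth correlating with artifact download requests for that model version in the server's access logs.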
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| mlflow (PyPI) | < 3.10.0 | 3.10.0 |
References
- github.com/mlflow/mlflow/commit/6e801f4259d96804c73107315b24cef0f6aa115a (NVD: Patch)
- huntr.com/bounties/19380271-3fbf-4beb-987e-6fd7069c55e6 (NVD: Exploit, Third Party Advisory)
- github.com/advisories/GHSA-42h5-h8qh-vv9v (GHSA: Advisory)
- nvd.nist.gov/vuln/detail/CVE-2026-2614 (GHSA: Advisory)