VYPR
Medium severity6.5NVD Advisory· Published Jun 2, 2026· Updated Jun 3, 2026

CVE-2026-3198

CVE-2026-3198

Description

MLflow 3.9.0 with basic-auth (--app-name basic-auth) fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the BEFORE_REQUEST_HANDLERS dictionary in mlflow/server/auth/__init__.py does not include entries for ListGatewaySecretInfos, ListGatewayEndpoints, and ListGatewayModelDefinitions. This allows any authenticated user, regardless of their assigned permissions, to enumerate all gateway secrets, endpoints, and model definitions. This vulnerability exposes sensitive information, such as API keys, endpoint configurations, and proprietary model definitions, to unauthorized users.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Mlflow/Mlflow2 versions
    cpe:2.3:a:lfprojects:mlflow:3.9.0:-:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:lfprojects:mlflow:3.9.0:-:*:*:*:*:*:*
    • (no CPE)range: <3.9.0
  • osv-coords
    Range: >= 3.9.0, < 3.10.0

Patches

Vulnerability mechanics

References

1

News mentions

1