Medium severity4.3NVD Advisory· Published Apr 7, 2026· Updated Apr 20, 2026
CVE-2026-33866
CVE-2026-33866
Description
MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to access.
This issue affects MLflow version through 3.10.1
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mlflowPyPI | < 3.11.0rc0 | 3.11.0rc0 |
Affected products
6- osv-coords5 versionspkg:apk/chainguard/mlflowpkg:apk/chainguard/mlflow-fipspkg:apk/wolfi/mlflowpkg:bitnami/mlflowpkg:pypi/mlflow
< 3.11.1-r0+ 4 more
- (no CPE)range: < 3.11.1-r0
- (no CPE)range: < 3.11.1-r0
- (no CPE)range: < 3.11.1-r0
- (no CPE)range: < 3.11.1
- (no CPE)range: <= 3.10.1
Patches
Vulnerability mechanics
References
8- github.com/mlflow/mlflow/pull/21708nvdIssue TrackingPatchWEB
- afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectorsnvdExploitThird Party AdvisoryWEB
- cert.pl/en/posts/2026/04/CVE-2026-33865/nvdThird Party Advisory
- github.com/advisories/GHSA-46r5-x6jq-v8g6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-33866ghsaADVISORY
- cert.pl/en/posts/2026/04/CVE-2026-33865ghsaWEB
- github.com/mlflow/mlflow/commit/005b959cacda05d1423356cfcbd9ebeda8ff96a7ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2026-94.yamlghsaWEB
News mentions
0No linked articles in our index yet.