VYPR

Mlflow

by Mlflow

pypi: mlflow

Source repositories

CVEs (76)

  • CVE-2026-0545CriApr 3, 2026
    risk 0.65cvss 9.8epss 0.04

    In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization when the `basic-auth` app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled…

  • CVE-2025-15036CriMar 30, 2026
    risk 0.58cvss 10.0epss 0.01

    A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member…

  • CVE-2025-15379CriMar 30, 2026
    risk 0.57cvss 9.8epss 0.02

    A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_install_model_dependencies_to_env()` function. When deploying a model with `env_manager=LOCAL`, MLflow reads dependency specifications from the model…

  • CVE-2026-2635CriFeb 20, 2026
    risk 0.57cvss 9.8epss 0.01

    MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the…

  • CVE-2026-2611CriMay 19, 2026
    risk 0.55cvss 9.6epss 0.00

    In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a…

  • CVE-2026-2651CriMay 25, 2026
    risk 0.52cvss 9.0epss 0.00

    A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforce resource-level permission checks for `/mlflow-artifacts/mpu/*` endpoints,…

  • CVE-2025-14287HigMar 16, 2026
    risk 0.50cvss 8.8epss 0.01

    A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the `mlflow/sagemaker/__init__.py` file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without…

  • CVE-2026-2652HigMay 15, 2026
    risk 0.49cvss 8.6epss 0.01

    A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled (`--app-name basic-auth`) and served via uvicorn (ASGI). The FastAPI permission middleware only enforces…

  • CVE-2025-15381HigMar 27, 2026
    risk 0.46cvss 7.1epss 0.00

    In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with `NO_PERMISSIONS` on the experiment, to read trace information and…

  • CVE-2026-2033HigFeb 20, 2026
    risk 0.46cvss 8.1epss 0.02

    MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this…

  • CVE-2025-14279HigJan 12, 2026
    risk 0.46cvss 8.1epss 0.00

    MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against…

  • CVE-2026-4137HigMay 18, 2026
    risk 0.44cvss 7.8epss 0.00

    In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` creates temporary directories with world-writable permissions (0o777), and the `_create_model_downloading_tmp_dir()` function in `mlflow/pyfunc/__init__.py`…

  • CVE-2026-0596HigMar 31, 2026
    risk 0.44cvss 7.8epss 0.01

    A command injection vulnerability exists in mlflow/mlflow when serving a model with `enable_mlserver=True`. The `model_uri` is embedded directly into a shell command executed via `bash -c` without proper sanitization. If the `model_uri` contains shell metacharacters, such as…

  • CVE-2026-4035HigJun 3, 2026
    risk 0.43cvss 7.7epss 0.00

    A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because…

  • CVE-2026-2614HigMay 11, 2026
    risk 0.42cvss 7.5epss 0.01

    A vulnerability in the `_create_model_version()` handler of `mlflow/server/handlers.py` in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a `CreateModelVersion`…

  • CVE-2026-2393HigMay 11, 2026
    risk 0.39cvss 7.1epss 0.00

    A Server-Side Request Forgery (SSRF) vulnerability exists in MLflow versions prior to 3.9.0. The `_create_webhook()` function in `mlflow/server/handlers.py` accepts a user-controlled `url` parameter without validation, and the `_send_webhook_request()` function in…

  • CVE-2025-10279HigFeb 2, 2026
    risk 0.39cvss 7.0epss 0.00

    In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with write access to the `/tmp` directory to exploit a race condition and overwrite…

  • CVE-2026-3198MedJun 2, 2026
    risk 0.35cvss 6.5epss 0.00

    MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the `BEFORE_REQUEST_HANDLERS` dictionary in `mlflow/server/auth/__init__.py` does not include entries for…

  • CVE-2026-2734MedMay 21, 2026
    risk 0.35cvss 6.5epss 0.00

    In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST API endpoint and the `mlflowSearchModelVersions` GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows any authenticated user to enumerate all model…

  • CVE-2025-52967MedJun 23, 2025
    risk 0.31cvss 5.8epss 0.00

    gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.

Page 1 of 4