CVEFinder.io

CVE-2026-2611

⛔ critical

Description

In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. By bypassing the loopback-only restriction, the attacker can modify the Assistant's configuration to enable full access, which in turn allows the execution of arbitrary commands via the Claude Code sub-agent. This issue is resolved in version 3.10.0.

CVSS Score: 9.6 (Critical)
EPSS Score: 0.0 (Exploit Probability)
Published Date: 2026-05-19
First Seen: 2026-05-20

📊 Relative Risk Intelligence

This CVE is Very High Risk - more severe than 90.2% of all 326,604 vulnerabilities in our database.

Severity Percentile: #31,937 (Top 10% most severe)

🎯 CISA SSVC Assessment (Updated: May 19, 2026)

🔍 Exploitation Status: PoC (Proof-of-concept available)
⚙️ Automatable: NO (Requires human interaction)
💥 Technical Impact: Total (Complete system compromise possible)
SSVC data provided by CISA

Last Modified: 2026-05-22
CVSS Vector 3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

🔗 Related CVEs 6

| CVE ID | Severity | CVSS | EPSS | Summary | Published |
|---|---|---|---|---|---|
| CVE-2026-10803 | ℹ️ low | 3.6 | 0.0 | A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest_utils of the file mlflo... | 2026-06-04 |
| CVE-2026-4035 | ⚠️ high | 7.7 | 0.1 | A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gatew... | 2026-06-03 |
| CVE-2026-3198 | 🔶 medium | 6.5 | 0.0 | MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'l... | 2026-06-02 |
| CVE-2026-2651 | ⛔ critical | 9.0 | 0.1 | A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the... | 2026-05-25 |
| CVE-2026-2734 | 🔶 medium | 6.5 | 0.0 | In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST API endpoint and the `mlflowSearchModelVersions` G... | 2026-05-21 |
| CVE-2026-4137 | ⚠️ high | 7.8 | 0.0 | In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` cr... | 2026-05-18 |

These CVEs affect the same products