CVEFinder.io

CVE-2026-2651

⛔ critical
Description

A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to the multipart upload (MPU) endpoints when the tracking server runs with `--serve-artifacts` enabled. The authorization logic does not apply resource-level permission checks to the `/mlflow-artifacts/mpu/*` endpoints, so an authenticated low-privileged user can write to, and overwrite, artifacts belonging to other users. Because the artifact store holds logged models, this enables cross-user writes, model supply-chain poisoning, and arbitrary code execution on any host that later loads a tampered model. The advisory states that the issue is resolved in version 3.10.0; note that this fix version falls inside the stated affected range (<=3.10.1.dev0), so confirm the fixed release against the upstream MLflow release notes rather than relying on a version string alone.
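As an added illustration (not MLflow's own code, and not its real route table), the Python sketch below models the bug class the description names: a prefix-based authorization filter that checks permissions on the plain artifact route but lets every other `/mlflow-artifacts/` request, including `/mlflow-artifacts/mpu/*`, through on authentication alone, next to a hardened version that maps each artifact route to the artifact path it touches and default-denies anything it cannot map. The MPU operation names (create, upload, complete, abort), the READ/EDIT/MANAGE permission levels, the permission table and the sample paths are all assumptions made for this example.

```python
from typing import Optional, Tuple

# Constructed permission table (assumption for this example):
# artifact path prefix -> user -> level. Only EDIT and MANAGE may write.
# alice owns the logged model; bob may only read it.
PERMISSIONS = {
    "1/abc123/artifacts/model": {"alice": "MANAGE", "bob": "READ"},
}
WRITE_LEVELS = {"EDIT", "MANAGE"}

ARTIFACT_PREFIX = "/mlflow-artifacts/artifacts/"
MPU_PREFIX = "/mlflow-artifacts/mpu/"
# Assumed multipart-upload operations; each one mutates the target artifact.
MPU_OPS = {"create", "upload", "complete", "abort"}
WRITE_METHODS = {"PUT", "POST", "DELETE"}


def permission_for(user: str, artifact_path: str) -> Optional[str]:
    """Longest-prefix lookup of the user's level on an artifact path."""
    best = None
    for prefix in PERMISSIONS:
        if artifact_path == prefix or artifact_path.startswith(prefix + "/"):
            if best is None or len(prefix) > len(best):
                best = prefix
    return PERMISSIONS[best].get(user) if best else None


def parse_artifact_request(method: str, path: str) -> Optional[Tuple[str, bool]]:
    """Map a request to (artifact_path, is_write); None if not an artifact route."""
    if path.startswith(ARTIFACT_PREFIX):
        return path[len(ARTIFACT_PREFIX):], method in WRITE_METHODS
    if path.startswith(MPU_PREFIX):
        op, _, rest = path[len(MPU_PREFIX):].partition("/")
        if op in MPU_OPS and rest:
            return rest, True  # every MPU operation is a write to `rest`
    return None


def vulnerable_authorize(user: str, method: str, path: str) -> bool:
    """Bug pattern: only the plain artifact route gets a resource-level check."""
    if path.startswith(ARTIFACT_PREFIX):
        level = permission_for(user, path[len(ARTIFACT_PREFIX):])
        if method in WRITE_METHODS:
            return level in WRITE_LEVELS
        return level is not None
    # Everything else under /mlflow-artifacts/ (the /mpu/* routes included)
    # falls through on authentication alone, so bob can start a multipart
    # upload over alice's model.
    return path.startswith("/mlflow-artifacts/")


def hardened_authorize(user: str, method: str, path: str) -> bool:
    """Fix pattern: derive the artifact path from every route, default-deny."""
    parsed = parse_artifact_request(method, path)
    if parsed is None:
        return False  # unmapped artifact route: deny instead of passing through
    artifact_path, is_write = parsed
    level = permission_for(user, artifact_path)
    if is_write:
        return level in WRITE_LEVELS
    return level is not None


if __name__ == "__main__":
    model = "1/abc123/artifacts/model/model.pkl"
    requests = [  # constructed sample requests
        ("bob", "GET", ARTIFACT_PREFIX + model),
        ("bob", "PUT", ARTIFACT_PREFIX + model),
        ("bob", "POST", MPU_PREFIX + "create/" + model),
        ("alice", "POST", MPU_PREFIX + "complete/" + model),
    ]
    for user, method, path in requests:
        print(f"{user:6} {method:5} {path}")
        print(f"       vulnerable={vulnerable_authorize(user, method, path)}"
              f" hardened={hardened_authorize(user, method, path)}")
```

The point of the comparison is the third request: a read-only user opening a multipart upload on another user's model path is allowed by the prefix filter and refused by the hardened check, while the ordinary artifact PUT is refused by both. Default-denying unmapped `/mlflow-artifacts/` routes is what keeps a newly added endpoint from silently inheriting the same gap.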

CVSS Score: 9.0 (Critical)
EPSS Score: 0.1 (exploit probability)
Published Date: 2026-05-25
First Seen: 2026-05-27
📊 Relative Risk Intelligence

This CVE is High Risk: more severe than 87.7% of all 326,604 vulnerabilities in our database.
Severity Percentile: #40,129 (top 25% most severe)
🎯 CISA SSVC Assessment (updated May 26, 2026)
🔍 Exploitation Status: PoC (proof-of-concept available)
⚙️ Automatable: No (requires human interaction)
💥 Technical Impact: Total (complete system compromise possible)
SSVC data provided by CISA
Last Modified: 2026-06-04
CVSS Vector 3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H (network-reachable, low privileges required, user interaction required, scope changed, high impact on confidentiality, integrity and availability; this vector yields the 9.0 base score above)
🔗 Related CVEs (6)

CVE ID | Severity | CVSS | EPSS | Published | Summary
CVE-2026-10803 | ℹ️ low | 3.6 | 0.0 | 2026-06-04 | A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest_utils of the file mlflo...
CVE-2026-4035 | ⚠️ high | 7.7 | 0.1 | 2026-06-03 | A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gatew...
CVE-2026-3198 | 🔶 medium | 6.5 | 0.0 | 2026-06-02 | MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'l...
CVE-2026-2734 | 🔶 medium | 6.5 | 0.0 | 2026-05-21 | In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST API endpoint and the `mlflowSearchModelVersions` G...
CVE-2026-2611 | ⛔ critical | 9.6 | 0.0 | 2026-05-19 | In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. ...
CVE-2026-4137 | ⚠️ high | 7.8 | 0.0 | 2026-05-18 | In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` cr...

These CVEs affect the same products.