CVEFinder.io

CVE-2026-2734

đŸ”ļ medium
🔍 Scan for this CVE
Summary

In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST API endpoint and the `mlflowSearchModelVersions` GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows any authenticated user to enumerate all model versions across all registered models, regardless of their permission level. The issue arises due to the absence of `SearchModelVersions` in the `BEFORE_REQUEST_VALIDATORS` and `AFTER_REQUEST_HANDLERS` for the REST API, and its

Description

In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST API endpoint and the `mlflowSearchModelVersions` GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows any authenticated user to enumerate all model versions across all registered models, regardless of their permission level. The issue arises due to the absence of `SearchModelVersions` in the `BEFORE_REQUEST_VALIDATORS` and `AFTER_REQUEST_HANDLERS` for the REST API, and its omission from `GraphQLAuthorizationMiddleware.PROTECTED_FIELDS` for GraphQL. This vulnerability can expose sensitive information such as model names, version descriptions, source URIs, tags, and other metadata, potentially revealing proprietary or confidential details in multi-tenant environments. The issue is resolved in version 3.10.0.

CVSS Score
6.5
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-21
First Seen: 2026-05-22
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 47.8% of all 326,604 vulnerabilities in our database.

#170,379
Below average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: May 21, 2026
🔍 Exploitation Status
Poc
Proof-of-concept available
⚙ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2026-06-02
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE IDs (Weakness Types)
CWE-284

đŸ“Ļ Affected Products 1

Vendor Product Status Affected Versions
lfprojects mlflow Affected
< 3.10.0

🔗 References 2

https://github.com/mlflow/mlflow/commit/6989066af33f...
Patch
https://huntr.com/bounties/d632f783-b2c7-4a3b-af5e-1...
Exploit Third Party Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-10803 ℹī¸ low 3.6 0.0 A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest_utils of the file mlflo... 2026-06-04
CVE-2026-4035 ⚠ī¸ high 7.7 0.1 A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gatew... 2026-06-03
CVE-2026-3198 đŸ”ļ medium 6.5 0.0 MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'l... 2026-06-02
CVE-2026-2651 ⛔ critical 9.0 0.1 A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the... 2026-05-25
CVE-2026-2611 ⛔ critical 9.6 0.0 In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. ... 2026-05-19
CVE-2026-4137 ⚠ī¸ high 7.8 0.0 In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` cr... 2026-05-18
These CVEs affect the same products