CVE-2026-0596

Name of the Vulnerable Software and Affected Versions mlflow/mlflow (affected versions not specified)

Description A command injection issue exists in mlflow/mlflow when serving a model with enable mlserver=True. The model uri is directly incorporated into a shell command executed using bash -c without sufficient sanitization. If the model uri includes shell metacharacters, such as $() or backticks, it enables command substitution and the execution of commands controlled by an attacker. This can lead to privilege escalation if a higher-privileged service serves models from a directory writable by lower-privileged users. The model uri is the vulnerable parameter.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.