CVE-2026-2614

Name of the Vulnerable Software and Affected Versions mlflow/mlflow versions prior to 3.10.0

Description An unauthenticated remote attacker can read arbitrary files from the server's filesystem. The issue occurs in the create model version() handler of mlflow/server/handlers.py when a 'CreateModelVersion' request includes the tag mlflow.prompt.is prompt, which bypasses source path validation. This allows an attacker to store an arbitrary local filesystem path as the model version source. Subsequently, the get model version artifact handler() function uses this source to serve files without verifying the prompt status of the model version.

Recommendations Update to version 3.10.0.