PT-2026-28273 · Databricks · Mlflow

Published

2026-03-30

Updated

2026-04-29

CVE-2025-15036

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions mlflow versions prior to 3.7.0

Description A path traversal issue exists in the extract archive to dir function within the mlflow/pyfunc/dbconnect artifact cache.py file of the mlflow/mlflow repository. The issue is due to insufficient validation of tar member paths during extraction. An attacker controlling the tar.gz file could exploit this to overwrite files or gain elevated privileges, potentially escaping the sandbox directory in multi-tenant or shared cluster environments. The vulnerable function is extract archive to dir.

Recommendations Update to version 3.7.0 or later. As a temporary workaround, avoid using untrusted or unverified tar.gz files with the extract archive to dir function.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-29

Related Identifiers

BIT-MLFLOW-2025-15036

CVE-2025-15036

GHSA-VHCX-3PQ2-4FVC

Affected Products

Mlflow

PT-2026-28273 · Databricks · Mlflow

CVE-2025-15036

Weakness Enumeration

Related Identifiers

Affected Products

References · 14