CVE-2026-33865

Name of the Vulnerable Software and Affected Versions MLflow versions through 3.10.1

Description MLflow is susceptible to Stored Cross-Site Scripting (XSS) due to unsafe parsing of YAML-based MLmodel artifacts within its web interface. An authenticated attacker can upload a malicious MLmodel file that executes when another user views the artifact in the UI, potentially leading to session hijacking or unauthorized actions performed on behalf of the victim. Additionally, an authorization bypass exists in the AJAX endpoint used for downloading saved model artifacts. Missing access-control validation allows a user without appropriate permissions to directly query this endpoint and retrieve model artifacts they are not authorized to access.

Recommendations Update MLflow to a version later than 3.10.1.