PT-2026-39649 · Mlflow · Mlflow

Tomu Hirata · Published 2026-05-11 · Updated 2026-05-28 · CVE-2026-2393

CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: MLflow versions prior to 3.9.0

Description: A Server-Side Request Forgery (SSRF) issue exists where the create_webhook() function in mlflow/server/handlers.py accepts a user-controlled url parameter without validation. Subsequently, the send_webhook_request() function in mlflow/webhooks/delivery.py sends HTTP POST requests to this attacker-controlled URL. This allows an authenticated attacker to force the backend to send HTTP requests to internal services, cloud metadata endpoints, or arbitrary external servers. The lack of input sanitization, URL scheme filtering, or allowlist validation enables potential cloud credential theft, internal network access, and data exfiltration.

Recommendations: Update to version 3.9.0 or later.
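The description names the three controls that were missing on the webhook url parameter: input sanitization, URL scheme filtering and allowlist validation. The block below is an added example of what such a check looks like for a user-supplied webhook URL; it is hypothetical code written for this page, not MLflow's handlers.py or delivery.py and not the project's actual 3.9.0 fix. The function names (validate_webhook_url, is_safe_webhook_url), the demo_resolver lookup table and all sample URLs are constructed for the illustration.

```python
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List, Optional
from urllib.parse import urlsplit

# Added illustration of webhook URL validation: scheme filter, optional host
# allowlist, and rejection of destinations that are not publicly routable.
# Hypothetical code, not MLflow's own and not the project's actual fix.

ALLOWED_SCHEMES = {"http", "https"}

# A resolver maps a hostname to the list of IP addresses it resolves to.
Resolver = Callable[[str], List[str]]


def system_resolver(host: str) -> List[str]:
    """Resolve a hostname with the OS resolver (what production code would use)."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


# Constructed lookup table so the example runs offline and deterministically.
_DEMO_TABLE: Dict[str, List[str]] = {
    "hooks.example.com": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],
    "localhost": ["127.0.0.1", "::1"],
}


def demo_resolver(host: str) -> List[str]:
    """Offline stand-in for system_resolver, backed by the constructed table."""
    return _DEMO_TABLE.get(host.lower(), [])


def _is_public_address(ip_text: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(ip_text)
    # Unwrap ::ffff:a.b.c.d so the IPv4 rules apply to IPv4-mapped IPv6 literals.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global is False for loopback, RFC 1918, link-local (which covers the
    # 169.254.169.254 cloud metadata address), CGNAT, 0.0.0.0/8 and reserved ranges.
    return ip.is_global and not ip.is_multicast


def validate_webhook_url(
    url: str,
    allowed_hosts: Optional[Iterable[str]] = None,
    resolver: Resolver = system_resolver,
) -> str:
    """Return url unchanged if it is an acceptable webhook target, else raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"unsupported scheme {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials embedded in webhook URL")
    if allowed_hosts is not None and host.lower() not in {h.lower() for h in allowed_hosts}:
        raise ValueError(f"host {host!r} is not on the allowlist")
    # An IP literal is checked directly; a hostname goes through the resolver
    # so that names pointing at internal addresses are caught as well.
    try:
        addresses = [str(ipaddress.ip_address(host))]
    except ValueError:
        addresses = resolver(host)
    if not addresses:
        raise ValueError(f"host {host!r} does not resolve")
    for addr in addresses:
        if not _is_public_address(addr):
            raise ValueError(f"host {host!r} resolves to non-public address {addr}")
    return url


def is_safe_webhook_url(
    url: str,
    allowed_hosts: Optional[Iterable[str]] = None,
    resolver: Resolver = demo_resolver,
) -> bool:
    """Boolean form of validate_webhook_url; uses the offline demo resolver by default."""
    try:
        validate_webhook_url(url, allowed_hosts=allowed_hosts, resolver=resolver)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs covering the destination classes the advisory lists.
    samples = [
        "https://hooks.example.com/mlflow",
        "http://169.254.169.254/latest/meta-data/",
        "http://metadata.internal/",
        "http://localhost:5000/",
        "http://[::ffff:10.0.0.5]/",
        "file:///etc/passwd",
        "https://user:pw@hooks.example.com/",
    ]
    for sample in samples:
        verdict = "ALLOW" if is_safe_webhook_url(sample) else "REJECT"
        print(f"{verdict:6} {sample}")
```

Two points of design worth noting. The resolver is injected so the same check can run against real DNS in a server and against a fixed table in tests; in a deployment the check should be applied at delivery time (where the request is actually sent), not only when the webhook is created, because the name a URL points at can change between the two. Disabling HTTP redirects in the delivery client, or re-validating each redirect target with the same function, closes the remaining path where an allowed host bounces the request to an internal one.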

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

BIT-MLFLOW-2026-2393
CVE-2026-2393
GHSA-65H7-C7C4-MGHX

Affected Products

Mlflow