CVE-2026-2611

Name of the Vulnerable Software and Affected Versions MLflow version 3.9.0

Description The MLflow Assistant feature contains improper origin validation in its '/ajax-api' endpoints. This allows a remote attacker to use cross-origin requests from a malicious webpage to interact with an MLflow Assistant instance running on a victim's local machine. By bypassing the loopback-only restriction, an attacker can modify the Assistant's configuration to enable full access, leading to the execution of arbitrary commands via the Claude Code sub-agent.

Recommendations Update to version 3.10.0.