PT-2026-42395 · Mlflow · Mlflow
Published
2026-05-21
·
Updated
2026-06-05
·
CVE-2026-2734
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
mlflow/mlflow versions prior to 3.10.0
Description
When basic authentication is enabled, the 'SearchModelVersions' REST API endpoint and the 'mlflowSearchModelVersions' GraphQL query lack proper per-model authorization checks. This allows any authenticated user to enumerate all model versions across all registered models, regardless of their permission level. The issue is caused by the absence of 'SearchModelVersions' in the
BEFORE REQUEST VALIDATORS and AFTER REQUEST HANDLERS for the REST API, and its omission from GraphQLAuthorizationMiddleware.PROTECTED FIELDS for GraphQL. This can expose sensitive metadata, including model names, version descriptions, source URIs, and tags, which may reveal proprietary or confidential details in multi-tenant environments.Recommendations
Update to version 3.10.0.
Exploit
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mlflow