PT-2026-42395 · Mlflow · Mlflow

Published

2026-05-21

·

Updated

2026-06-05

·

CVE-2026-2734

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions mlflow/mlflow versions prior to 3.10.0
Description When basic authentication is enabled, the 'SearchModelVersions' REST API endpoint and the 'mlflowSearchModelVersions' GraphQL query lack proper per-model authorization checks. This allows any authenticated user to enumerate all model versions across all registered models, regardless of their permission level. The issue is caused by the absence of 'SearchModelVersions' in the BEFORE REQUEST VALIDATORS and AFTER REQUEST HANDLERS for the REST API, and its omission from GraphQLAuthorizationMiddleware.PROTECTED FIELDS for GraphQL. This can expose sensitive metadata, including model names, version descriptions, source URIs, and tags, which may reveal proprietary or confidential details in multi-tenant environments.
Recommendations Update to version 3.10.0.

Exploit

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BIT-MLFLOW-2026-2734
CVE-2026-2734
GHSA-W5XQ-C4PF-GHQ7

Affected Products

Mlflow