PT-2026-43005 · Mlflow · Mlflow
Published
2026-02-18
·
Updated
2026-06-27
·
CVE-2026-2651
CVSS v3.1
9.0
Critical
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MLflow versions prior to 3.10.0
Description
Unauthorized access to multipart upload (MPU) endpoints is possible when the
--serve-artifacts mode is enabled. The authorization logic fails to enforce resource-level permission checks for endpoints matching '/mlflow-artifacts/mpu/*', allowing attackers to overwrite artifacts belonging to other users. This flaw can result in unauthorized cross-user writes, model supply chain poisoning, and arbitrary code execution when compromised models are loaded.Recommendations
Update to version 3.10.0.
As a temporary workaround, disable the
--serve-artifacts mode to prevent unauthorized access to the affected endpoints.Exploit
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mlflow