PT-2026-43005 · Mlflow · Mlflow

Published

2026-02-18

·

Updated

2026-06-27

·

CVE-2026-2651

CVSS v3.1

9.0

Critical

VectorAV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions MLflow versions prior to 3.10.0
Description Unauthorized access to multipart upload (MPU) endpoints is possible when the --serve-artifacts mode is enabled. The authorization logic fails to enforce resource-level permission checks for endpoints matching '/mlflow-artifacts/mpu/*', allowing attackers to overwrite artifacts belonging to other users. This flaw can result in unauthorized cross-user writes, model supply chain poisoning, and arbitrary code execution when compromised models are loaded.
Recommendations Update to version 3.10.0. As a temporary workaround, disable the --serve-artifacts mode to prevent unauthorized access to the affected endpoints.

Exploit

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-07859
BIT-MLFLOW-2026-2651
CVE-2026-2651
GHSA-8C7Q-86FQ-VVMH
PYSEC-2026-2220

Affected Products

Mlflow