CVE-2026-4035

Name of the Vulnerable Software and Affected Versions mlflow versions prior to 3.11.0

Description An issue allows for the resolution of environment variables in AI Gateway secrets, enabling the exfiltration of sensitive server-side environment credentials to an attacker-controlled endpoint. This occurs because the api key field in gateway secrets accepts $ENV VAR references, which the MLflow server resolves during runtime and sends in provider authentication headers to the configured upstream api base. The flaw can be exploited by unauthenticated users in default deployments or low-privileged authenticated users in basic-auth deployments. Potential impacts include the leakage of cloud artifact credentials such as AWS ACCESS KEY ID and AWS SECRET ACCESS KEY, which may lead to artifact poisoning and cross-boundary code execution in downstream environments.

Recommendations Update to version 3.11.0.