A high-severity vulnerability has been discovered in multiple products utilizing MLFlow, allowing unauthenticated attackers to potentially read or modify sensitive files on the server. Successful exploitation could lead to a significant data breach, intellectual property theft, or service disruption. Organizations are strongly advised to apply the necessary security updates immediately to mitigate this critical risk.

This vulnerability is a path traversal flaw within the MLFlow artifact logging and retrieval component. An unauthenticated remote attacker can exploit this by crafting a malicious request containing "dot-dot-slash" (../) sequences in the artifact path parameter. This manipulation tricks the application into navigating outside of its restricted directory, granting the attacker unauthorized access to the underlying server's file system. An attacker could leverage this to read sensitive configuration files, source code, user credentials, or system files, and in some configurations, may be able to overwrite existing files to achieve arbitrary code execution or cause a denial of service.

This vulnerability is rated as High severity with a CVSS score of 8.1, posing a significant threat to the confidentiality, integrity, and availability of affected systems. A successful exploit could lead to the theft of sensitive corporate data, including proprietary machine learning models, training data, and application secrets. The potential for reputational damage, regulatory fines, and financial loss is substantial. Furthermore, if an attacker achieves code execution, they could establish a persistent foothold in the network, leading to a more widespread compromise of the organization's infrastructure.

Immediate Action: Organizations must apply the vendor-provided security updates to all affected MLFlow instances without delay. After patching, it is critical to review access logs and system logs for any signs of compromise that may have occurred before the patch was applied.

Proactive Monitoring: Security teams should implement enhanced monitoring of web server and application logs for MLFlow instances. Specifically, look for requests containing path traversal sequences such as ../, ..%2f, or other URL-encoded variations within URI paths. Monitor for any anomalous or unauthorized file access attempts on the servers hosting the MLFlow application.

Compensating Controls: If immediate patching is not feasible, implement the following compensating controls:

• Deploy a Web Application Firewall (WAF) with rules specifically designed to detect and block path traversal attack patterns.
• Ensure the MLFlow service is running with the lowest possible user privileges to limit an attacker's access to the file system.
• Restrict network access to the MLFlow interface, allowing connections only from trusted IP addresses and internal networks.

Public Exploit Available: false

Given the high CVSS score of 8.1 and the critical nature of the potential impact, we strongly recommend that all organizations treat this vulnerability with the highest priority. The absence of a CISA KEV entry or public exploits should not delay remediation efforts. All vulnerable instances of MLFlow should be patched immediately. If patching is delayed, the compensating controls outlined above must be implemented as an urgent interim measure to reduce the risk of compromise.