CVE-2026-2635
MLflow · MLflow
MLflow contains a critical authentication bypass vulnerability due to hard-coded default credentials in the basic_auth.ini file, allowing remote attackers to gain administrative access.
Executive summary
A critical authentication bypass in MLflow allows unauthenticated remote attackers to gain full administrative control and execute arbitrary code by exploiting hard-coded default credentials.
Vulnerability
This flaw stems from hard-coded default credentials in the basic_auth.ini configuration file. An unauthenticated remote attacker who supplies those defaults bypasses authentication entirely and can execute arbitrary code with administrative privileges.
Business impact
A successful exploit poses a catastrophic risk to the organization’s machine learning pipeline and underlying infrastructure. Attackers can gain unauthorized access to sensitive models, manipulate data, or achieve full remote code execution (RCE). Given the CVSS score of 9.8, this vulnerability represents a critical threat to data integrity and system availability.
Remediation
Immediate Action: Update MLflow to the latest secure version immediately and change the default credentials in basic_auth.ini to strong, unique values.
Proactive Monitoring: Review access logs for any unauthorized logins using default accounts and monitor for unusual administrative activities or unexpected code execution patterns.
Compensating Controls: Restrict access to the MLflow management interface using network-level access control lists (ACLs) or a VPN to ensure only trusted IPs can reach the service.
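A configuration check for the first remediation step, added here as an example and not taken from the advisory or the MLflow project: it parses a basic_auth.ini and reports an admin account that is still on the shipped defaults (admin/password, as documented by MLflow; confirm against the file in your installed version) or that uses a short password. The sample ini files are constructed for the demonstration.

```python
import configparser

# Shipped defaults for the basic-auth admin account as documented by MLflow
# (assumption: confirm against the basic_auth.ini of your installed version).
SHIPPED_DEFAULTS = {"admin_username": "admin", "admin_password": "password"}
MIN_PASSWORD_LEN = 16  # local policy threshold, not an MLflow setting


def audit_basic_auth(ini_text: str) -> list[str]:
    """Return findings for an MLflow basic_auth.ini; an empty list means it passes."""
    cp = configparser.ConfigParser()
    cp.read_string(ini_text)
    if not cp.has_section("mlflow"):
        return ["missing [mlflow] section: MLflow reads its auth settings from there"]
    sec = cp["mlflow"]
    findings = []
    for key, default in SHIPPED_DEFAULTS.items():
        value = sec.get(key)
        if value is None:
            findings.append(f"{key} not set")
        elif value == default:
            findings.append(f"{key} still equals the shipped default")
    password = sec.get("admin_password", "")
    if (password and password != SHIPPED_DEFAULTS["admin_password"]
            and len(password) < MIN_PASSWORD_LEN):
        findings.append(f"admin_password shorter than {MIN_PASSWORD_LEN} characters")
    return findings


# Constructed sample files for the demonstration; not taken from any real deployment.
VULNERABLE_INI = """\
[mlflow]
default_permission = READ
database_uri = sqlite:///basic_auth.db
admin_username = admin
admin_password = password
"""
HARDENED_INI = """\
[mlflow]
default_permission = READ
database_uri = sqlite:///basic_auth.db
admin_username = mlops-admin
admin_password = x7Qv2pL9sWk4nRt1bZc8
"""

if __name__ == "__main__":
    for name, text in (("vulnerable", VULNERABLE_INI), ("hardened", HARDENED_INI)):
        print(name, "->", audit_basic_auth(text) or "OK")
```

Run it against the file named by MLFLOW_AUTH_CONFIG_PATH, or against the basic_auth.ini inside the installed mlflow package when that variable is unset.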
Exploitation status
Public Exploit Available: No
Analyst recommendation
The severity of this vulnerability cannot be overstated, as it grants complete control over the MLflow environment without requiring any prior authentication. Organizations must prioritize the rotation of all default credentials and update the software to the latest version immediately to mitigate the risk of administrative takeover.