CVE-2026-2393

MLflow · MLflow

A Server-Side Request Forgery (SSRF) vulnerability in MLflow allows authenticated attackers to perform unauthorized requests.

Executive summary

A Server-Side Request Forgery (SSRF) vulnerability in MLflow versions prior to 3.10.0 poses a risk of unauthorized internal network access by authenticated users.

Vulnerability

This vulnerability is a Server-Side Request Forgery (CWE-918) flaw. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N) indicates that an attacker with low-level privileges can exploit the system over the network without user interaction.

Business impact

Successful exploitation could allow an attacker to interact with internal services or APIs that are otherwise inaccessible from the public network. Given the CVSS score of 7.1, this is a High severity issue that could lead to unauthorized data exposure or the orchestration of further attacks against internal infrastructure.

Remediation

Immediate Action: Update MLflow to version 3.9.0 or later to ensure the vulnerability is patched.

Proactive Monitoring: Review application access logs for unusual outbound requests originating from the MLflow service to internal, non-public IP addresses.

Compensating Controls: Implement strict egress filtering on the network segment hosting MLflow to restrict unauthorized outbound connections to internal resources.

Exploitation status

Public Exploit Available: Unknown.

Analyst recommendation

Organizations utilizing MLflow should prioritize updating to version 3.9.0 immediately. The availability of proof-of-concept material increases the likelihood of exploitation, making prompt remediation essential to preventing internal network compromise.