CVE-2026-2614
MLflow · MLflow
A path traversal vulnerability in the `_create_model_version()` handler of MLflow allows unauthenticated attackers to access restricted files on the server.
Executive summary
An unauthenticated path traversal vulnerability in MLflow versions prior to 3.10.0 allows attackers to read sensitive files, posing a critical risk to server integrity.
Vulnerability
The _create_model_version() handler fails to properly sanitize path inputs (CWE-22), allowing unauthenticated remote attackers to perform path traversal attacks to access unauthorized files.
Business impact
This vulnerability could lead to the unauthorized disclosure of sensitive server-side configuration files, credentials, or model data. With a CVSS score of 7.5, the risk of data compromise is significant, potentially leading to full system compromise if attackers successfully exfiltrate sensitive environment information.
Remediation
Immediate Action: Update MLflow to version 3.10.0 or later immediately to apply the required input sanitization fixes.
Proactive Monitoring: Monitor server access logs for path traversal patterns (e.g., ../ sequences) directed at the model versioning API endpoints.
Compensating Controls: Deploy a Web Application Firewall (WAF) configured to block requests containing directory traversal sequences or suspicious path characters.
Exploitation status
Public Exploit Available: Unknown.
Analyst recommendation
Given the availability of a patch and the presence of a proof-of-concept, upgrading to MLflow 3.10.0 is the highest priority. Organizations should complete this update as soon as possible to prevent potential exploitation of the path traversal flaw.