CVE-2026-2614

MLflow · MLflow

A path traversal vulnerability in the `_create_model_version()` handler of MLflow allows unauthenticated attackers to access restricted files on the server.

Executive summary

An unauthenticated path traversal vulnerability in MLflow versions prior to 3.10.0 allows attackers to read sensitive files, posing a critical risk to server integrity.

Vulnerability

The _create_model_version() handler fails to properly sanitize path inputs (CWE-22), allowing unauthenticated remote attackers to perform path traversal attacks to access unauthorized files.

Business impact

This vulnerability could lead to the unauthorized disclosure of sensitive server-side configuration files, credentials, or model data. With a CVSS score of 7.5, the risk of data compromise is significant, potentially leading to full system compromise if attackers successfully exfiltrate sensitive environment information.

Remediation

Immediate Action: Update MLflow to version 3.10.0 or later immediately to apply the required input sanitization fixes.

Proactive Monitoring: Monitor server access logs for path traversal patterns (e.g., ../ sequences) directed at the model versioning API endpoints.

Compensating Controls: Deploy a Web Application Firewall (WAF) configured to block requests containing directory traversal sequences or suspicious path characters.

Exploitation status

Public Exploit Available: Unknown.

Analyst recommendation

Given the availability of a patch and the presence of a proof-of-concept, upgrading to MLflow 3.10.0 is the highest priority. Organizations should complete this update as soon as possible to prevent potential exploitation of the path traversal flaw.