CVE-2026-2652
mlflow · mlflow
An authentication bypass vulnerability exists in mlflow/mlflow versions prior to 3.10.0, potentially allowing unauthorized access to system functions.
Executive summary
A critical authentication bypass vulnerability in mlflow allows unauthenticated remote attackers to potentially compromise system integrity.
Vulnerability
The flaw is an authentication bypass (CWE-305) that permits unauthenticated remote attackers to interact with the application. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms that no user interaction or prior authentication is required to exploit this vulnerability.
Business impact
With a CVSS score of 8.6, this vulnerability poses a high risk to business operations. Successful exploitation allows for unauthorized system interaction, which could lead to data exfiltration, unauthorized modification of machine learning models, or service disruption, directly threatening the integrity of data science pipelines.
Remediation
Immediate Action: Update the mlflow package to version 3.11.0 or higher as specified by the OSV record.
Proactive Monitoring: Monitor network traffic for unusual API requests to the mlflow server and review access logs for successful requests originating from unknown or unauthorized IP addresses.
Compensating Controls: Implement strict network access control lists (ACLs) to restrict access to the mlflow instance to trusted internal networks or VPNs only.
Exploitation status
Public Exploit Available: No (Nuclei template only).
Analyst recommendation
Given the ease of exploitability (low complexity, no authentication required) and the presence of a public proof-of-concept, organizations should prioritize patching immediately. Ensure all mlflow deployments are updated to version 3.11.0 to eliminate this critical security gap.