CRITICAL🇵🇱 Wersja polska

CVE-2026-2651

CVSS 9.0v3.0pub. 2026-05-25upd. 2026-06-27

A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforce resource-level permission checks for `/mlflow-artifacts/mpu/*` endpoints, enabling attackers to overwrite artifacts belonging to other users. This can lead to unauthorized cross-user writes, model supply chain poisoning, and arbitrary code execution when compromised models are loaded. The issue is resolved in version 3.10.0.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
  • Lfprojects Mlflow

    APP
    Lfprojects
    ≤ 3.10.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2026-2611CRITICAL9.6PL ✓ten sam produkt

MLflow: nieprawidłowa walidacja origin umożliwia RCE przez cross-origin request

CVE-2026-0545CRITICAL9.8PL ✓ten sam produkt

Brak uwierzytelnienia w endpointach FastAPI jobs w MLflow (Auth Bypass / RCE)

CVE-2025-15379CRITICAL9.8PL ✓ten sam produkt

Command injection w MLflow podczas inicjalizacji kontenera modelu

CVE-2025-15036CRITICAL10.0PL ✓ten sam produkt

Path traversal w MLflow — nadpisanie plików i eskalacja uprawnień

CVE-2025-15031CRITICAL9.1PL ✓ten sam produkt

MLflow: path traversal w ekstrakcji archiwów tar umożliwia RCE