Auth bypass in MLflow

CVE-2026-33866

MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint…

Vulnerability class: Broken Access Control

EPSS: 0.000 (1.0th percentile)

Affected products

Weakness classification (CWE)

References