Lfprojects Mlflow
14 CVEs affecting Lfprojects Mlflow. Latest disclosed: 2026-06-04. Critical: 4, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-15036 | Critical | 10.0 | 2026-03-30 | A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow… |
| CVE-2025-15379 | Critical | 9.8 | 2026-03-30 | A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_install_model_dependencies_to_env()` fu… |
| CVE-2026-2611 | Critical | 9.6 | 2026-05-19 | In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote atta… |
| CVE-2026-2651 | Critical | 9.0 | 2026-05-25 | A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. T… |
| CVE-2026-2652 | High | 8.6 | 2026-05-15 | A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authenticat… |
| CVE-2026-4137 | High | 7.8 | 2026-05-18 | In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` creates temporary directories with world-… |
| CVE-2026-4035 | High | 7.7 | 2026-06-03 | A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to e… |
| CVE-2026-2614 | High | 7.5 | 2026-05-11 | A vulnerability in the `_create_model_version()` handler of `mlflow/server/handlers.py` in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated r… |
| CVE-2026-2393 | High | 7.1 | 2026-05-11 | A Server-Side Request Forgery (SSRF) vulnerability exists in MLflow versions prior to 3.9.0. The `_create_webhook()` function in `mlflow/server/handlers.py` ac… |
| CVE-2025-15381 | High | 7.1 | 2026-03-27 | In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment endpoints are not protected by permission validators. This… |
| CVE-2026-3198 | Medium | 6.5 | 2026-06-02 | MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the `BEFO… |
| CVE-2026-2734 | Medium | 6.5 | 2026-05-21 | In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST API endpoint and the `mlflowSearchModelVersions` GraphQL query lack proper per-model auth… |
| CVE-2025-52967 | Medium | 5.8 | 2025-06-23 | gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation. |
| CVE-2026-10803 | Low | 3.6 | 2026-06-04 | A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest_utils of the file mlflow/data/digest_utils.py of the component… |
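The highest-scored entry above, CVE-2025-15036, is an archive path traversal (zip-slip / tar-slip) in an extraction routine. The block below is an added example written for this page, not MLflow's `extract_archive_to_dir` or any of its code: it shows the containment check that class of bug requires, validating every member against the real destination path before anything is written and refusing link and device members in tar archives. The function names, the in-memory sample archives and the scratch directory are this example's own constructions.

```python
# Added example (not MLflow's extract_archive_to_dir): a traversal-safe archive
# extractor showing the containment check the zip-/tar-slip class behind
# CVE-2025-15036 needs. All names are this example's own; inputs are constructed.
import io
import os
import tarfile
import tempfile
import zipfile

class UnsafeArchiveMember(ValueError):
    """An archive entry would land outside the destination directory."""

def contained_target(dest_dir: str, member_name: str) -> str:
    """Real on-disk path for member_name, or raise if it escapes dest_dir."""
    # realpath() collapses '..' and follows symlinks already under dest_dir,
    # so the comparison is made on what the kernel would actually open.
    dest_real = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest_real, member_name))
    if os.path.commonpath([dest_real, target]) != dest_real:
        raise UnsafeArchiveMember(f"{member_name!r} escapes {dest_dir!r}")
    return target

def extract_archive_safely(archive_bytes: bytes, dest_dir: str) -> list:
    """Extract a zip or tar (given as bytes) into dest_dir; return files written."""
    buf = io.BytesIO(archive_bytes)
    is_zip = zipfile.is_zipfile(buf)
    buf.seek(0)
    with (zipfile.ZipFile(buf) if is_zip else tarfile.open(fileobj=buf, mode="r:*")) as arc:
        if is_zip:
            entries = [(m.filename, m.is_dir(), lambda m=m: arc.open(m)) for m in arc.infolist()]
        else:
            entries = []
            for m in arc.getmembers():
                # Links and devices are refused outright: a symlink to a directory
                # outside dest_dir, followed by a member written *through* it,
                # passes a name-only check and is the second stage of tar-slip.
                if not (m.isfile() or m.isdir()):
                    raise UnsafeArchiveMember(f"non-regular member {m.name!r} refused")
                entries.append((m.name, m.isdir(), lambda m=m: arc.extractfile(m)))
        # Resolve every target before the first byte is written, so one hostile
        # entry aborts the whole job instead of leaving a half-extracted tree.
        plan = [(n, d, rd, contained_target(dest_dir, n)) for n, d, rd in entries]
        written = []
        for name, is_dir, rd, target in plan:
            if is_dir:
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with rd() as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(name)
    return written

def build_zip(entries: dict) -> bytes:
    """Constructed sample input: names are stored verbatim, '..' included."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def build_tar(entries: dict, symlink: tuple = None) -> bytes:
    """Constructed sample input; symlink=(name, linkname) adds a link member first."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        if symlink:
            link = tarfile.TarInfo(symlink[0])
            link.type, link.linkname = tarfile.SYMTYPE, symlink[1]
            tf.addfile(link)
        for name, data in entries.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def demo() -> dict:
    """Extract one clean and three hostile archives; report what was blocked."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "extract")
        os.mkdir(dest)
        results["clean"] = extract_archive_safely(
            build_zip({"model/MLmodel": b"flavors: {}\n", "model/data.pkl": b"\x80\x04"}), dest)
        hostile = {
            "zip_traversal": build_zip({"../outside.txt": b"owned"}),
            "tar_traversal": build_tar({"model/../../outside.txt": b"owned"}),
            "tar_symlink": build_tar({"model/passwd": b"owned"}, symlink=("model", "/etc")),
        }
        for label, archive in hostile.items():
            try:
                extract_archive_safely(archive, dest)
                results[label] = "extracted"  # would mean the guard failed
            except UnsafeArchiveMember:
                results[label] = "blocked"
        results["escaped_file_exists"] = os.path.exists(os.path.join(root, "outside.txt"))
    return results
```

The check is deliberately done on `realpath()` output rather than on the member string, because `..` components, absolute names and symlinks that already exist under the destination all collapse to the same question: does the path the kernel will open start with the destination directory. On Python 3.12 and later `tarfile`'s `filter="data"` (PEP 706) rejects the same kinds of members, but it does so one member at a time during extraction; validating the whole plan first avoids leaving a partially written tree behind.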
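CVE-2026-2393 in the table is an SSRF through a webhook-creation handler that accepts a user-supplied target URL. The following is an added example, not MLflow's `_create_webhook()` or any code from the project: it shows the outbound-target policy such a handler needs, restricting the scheme, rejecting embedded credentials and loopback aliases, and checking every resolved address (not only the first) against the non-routable ranges that `ipaddress` already knows about. The names, the denied-host list and the constructed DNS answers are this example's assumptions; the resolver is injected so the check runs offline.

```python
# Added example (not MLflow's _create_webhook): an outbound-target policy for
# user-supplied webhook URLs, the check the SSRF class behind CVE-2026-2393
# calls for. Names are this example's own; DNS is injected so it runs offline.
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}
# Names that never deserve a lookup: loopback aliases and cloud metadata hosts.
DENIED_HOSTNAMES = {"localhost", "metadata.google.internal"}

class WebhookTargetRejected(ValueError):
    """The URL points somewhere an outbound webhook must never be delivered."""

def system_resolver(host: str) -> list:
    """Real resolver: every A/AAAA answer, not just the first."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})

def is_public_address(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped  # ::ffff:10.0.0.1 is still 10.0.0.1
    # is_global is False for RFC1918/ULA, loopback, link-local (169.254/16,
    # where cloud metadata lives), CGNAT, reserved and unspecified ranges.
    return addr.is_global and not addr.is_multicast

def validate_webhook_url(url: str, resolver=system_resolver) -> list:
    """Return the public IPs a webhook may be delivered to, or raise."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise WebhookTargetRejected(f"scheme {parts.scheme!r} not allowed")
    if parts.username is not None or parts.password is not None:
        raise WebhookTargetRejected("credentials in URL are not accepted")
    host = parts.hostname
    if not host:
        raise WebhookTargetRejected("no host")
    if host.rstrip(".").lower() in DENIED_HOSTNAMES:
        raise WebhookTargetRejected(f"host {host!r} is denied")
    try:
        addrs = [str(ipaddress.ip_address(host))]  # IP literal: no lookup needed
    except ValueError:
        # Anything that is not a dotted/colon literal goes through DNS. That also
        # covers tricks like a bare decimal "2130706433": the resolver turns it
        # into 127.0.0.1, and the address check below catches it.
        addrs = resolver(host)
    if not addrs:
        raise WebhookTargetRejected(f"{host!r} does not resolve")
    # Reject if *any* answer is internal; mixed public/private records are a known dodge.
    bad = [a for a in addrs if not is_public_address(a)]
    if bad:
        raise WebhookTargetRejected(f"{host!r} resolves to non-public {bad}")
    return addrs

def webhook_url_allowed(url: str, resolver=system_resolver) -> bool:
    """Boolean form of the check, for call sites that only need a yes/no."""
    try:
        validate_webhook_url(url, resolver)
        return True
    except WebhookTargetRejected:
        return False

# Constructed DNS answers so the example runs without network access.
FAKE_DNS = {
    "hooks.example.com": ["93.184.216.34"],
    "internal.example.com": ["10.0.0.5"],
    "mixed.example.com": ["93.184.216.34", "127.0.0.1"],
    "v6.example.com": ["2606:2800:220:1:248:1893:25c8:1946"],
}

def fake_resolver(host: str) -> list:
    return FAKE_DNS.get(host.rstrip(".").lower(), [])
```

Two caveats a practitioner would add around this check. First, it is only as good as the time it is run: if the webhook sender re-resolves the name when it connects, a rebinding DNS record can pass validation and then point at an internal address, so the delivery code should connect to the addresses `validate_webhook_url()` returned rather than resolve again. Second, the same check has to be applied to every redirect target, since an allowed public host can 302 to `http://169.254.169.254/`.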