cbcvebase.
CVE-2026-2393
published 2026-05-11

CVE-2026-2393: A Server-Side Request Forgery (SSRF) vulnerability exists in MLflow versions prior to 3.9.0. The `_create_webhook()` function in `mlflow/server/handlers.py`…

PriorityP346high7.1CVSS 3.0
AVNACLPRLUINSUCHILAN
EPSS
0.29%
20.4th percentile
A Server-Side Request Forgery (SSRF) vulnerability exists in MLflow versions prior to 3.9.0. The `_create_webhook()` function in `mlflow/server/handlers.py` accepts a user-controlled `url` parameter without validation, and the `_send_webhook_request()` function in `mlflow/webhooks/delivery.py` sends HTTP POST requests to this attacker-controlled URL. This allows an authenticated attacker to force the MLflow backend to send HTTP requests to internal services, cloud metadata endpoints, or arbitrary external servers. The lack of input sanitization, URL scheme filtering, or allowlist validation on the webhook URL enables exploitation, potentially leading to cloud credential theft, internal network access, and data exfiltration.

Affected

3 ranges
VendorProductVersion rangeFixed in
lfprojectsmlflow< 3.9.03.9.0
mlflowmlflow_mlflow>= 0 < 3.9.03.9.0
mlflowmlflow_mlflow>= unspecified < 3.10.03.10.0
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.