cbcvebase.
CVE-2026-3198
published 2026-06-02

CVE-2026-3198: MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the…

PriorityP338medium6.5CVSS 3.0
AVNACLPRLUINSUCHINAN
EPSS
0.24%
15.4th percentile
MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the `BEFORE_REQUEST_HANDLERS` dictionary in `mlflow/server/auth/__init__.py` does not include entries for `ListGatewaySecretInfos`, `ListGatewayEndpoints`, and `ListGatewayModelDefinitions`. This allows any authenticated user, regardless of their assigned permissions, to enumerate all gateway secrets, endpoints, and model definitions. This vulnerability exposes sensitive information, such as API keys, endpoint configurations, and proprietary model definitions, to unauthorized users.

Affected

21 ranges
VendorProductVersion rangeFixed in
lfprojectsmlflow
mlflowmlflow_mlflowunspecified – latest
rhoaiodh-mlflow-rhel9
rhoaiodh-pipeline-runtime-datascience-cpu-py312-rhel9
rhoaiodh-pipeline-runtime-pytorch-cuda-py312-rhel9
rhoaiodh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9
rhoaiodh-pipeline-runtime-pytorch-rocm-py312-rhel9
rhoaiodh-pipeline-runtime-tensorflow-cuda-py312-rhel9
rhoaiodh-pipeline-runtime-tensorflow-rocm-py312-rhel9
rhoaiodh-th06-cpu-torch210-py312-rhel9
rhoaiodh-th06-cuda130-torch210-py312-rhel9
rhoaiodh-th06-rocm64-torch291-py312-rhel9
rhoaiodh-training-cuda128-torch29-py312-rhel9
rhoaiodh-workbench-codeserver-datascience-cpu-py312-rhel9
rhoaiodh-workbench-jupyter-datascience-cpu-py312-rhel9
rhoaiodh-workbench-jupyter-pytorch-cuda-py312-rhel9
rhoaiodh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9
rhoaiodh-workbench-jupyter-pytorch-rocm-py312-rhel9
rhoaiodh-workbench-jupyter-tensorflow-cuda-py312-rhel9
rhoaiodh-workbench-jupyter-tensorflow-rocm-py312-rhel9
rhoaiodh-workbench-jupyter-trustyai-cpu-py312-rhel9

CVSS provenance

nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.