cbcvebase.

Mlflow Mlflow vulnerabilities

50 known vulnerabilities affecting mlflow/mlflow_mlflow.

Total CVEs
50
CISA KEV
0
Public exploits
14
Exploited in wild
2
Severity breakdown
CRITICAL14HIGH28MEDIUM7LOW1

Vulnerabilities

Page 1 of 3
CVE-2023-1177P1CRITICALCVSS 9.8ExploitedPoC≥ unspecified, < 2.2.12023-03-24
CVE-2023-1177 [CRITICAL] CWE-29 CVE-2023-1177: Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.
nvd
CVE-2023-6909P1HIGHCVSS 7.5ExploitedPoC≥ unspecified, < 2.12.12023-12-18
CVE-2023-6909 [HIGH] CWE-29 CVE-2023-6909: Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
nvd
CVE-2023-3765P2CRITICALCVSS 10.0PoC≥ unspecified, < 2.5.02023-07-19
CVE-2023-3765 [CRITICAL] CWE-36 CVE-2023-3765: Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.
nvd
CVE-2023-6018P1CRITICALCVSS 9.8PoC≥ unspecified, ≤ latest2023-11-16
CVE-2023-6018 [CRITICAL] CWE-78 CVE-2023-6018: An attacker can overwrite any file on the server hosting MLflow without any authentication. An attacker can overwrite any file on the server hosting MLflow without any authentication.
ghsanvdosv
CVE-2026-0545P2CRITICALCVSS 9.8PoC≥ unspecified, ≤ latest2026-04-03
CVE-2026-0545 [CRITICAL] CWE-306 CVE-2026-0545: In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authen In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization when the `basic-auth` app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled (`MLFLOW_SERVER_ENABLE_JOB_EXECUTION=true`) and any job function is allowlisted, any network c
ghsanvdosv
CVE-2026-2652P2HIGHCVSS 8.6PoC≥ unspecified, < 3.10.02026-05-15
CVE-2026-2652 [HIGH] CWE-305 CVE-2026-2652: A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled (`--app-name basic-auth`) and served via uvicorn (ASGI). The FastAPI permission middleware only enforces authentication on `/gateway/` routes, leaving other routes such as the Job API
nvd
CVE-2024-2928P2HIGHCVSS 7.5PoC≥ unspecified, < 2.11.32024-06-06
CVE-2024-2928 [HIGH] CWE-29 CVE-2024-2928: A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can exploit this flaw by manipulating the fragment part of the
nvd
CVE-2023-2780P2CRITICALCVSS 9.8PoC≥ unspecified, < 2.3.12023-05-17
CVE-2023-2780 [CRITICAL] CWE-29 CVE-2023-2780: Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.
nvd
CVE-2024-1483P2HIGHCVSS 7.5PoC≥ unspecified, ≤ latest2024-04-16
CVE-2024-1483 [HIGH] CWE-22 CVE-2024-1483: A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access a A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifact_location' and 'source' parameters, using a local URI with '#' instead of '?', an attacker can traverse the server's directory structure. The issue occ
nvd
CVE-2023-2356P3HIGHCVSS 7.5PoC≥ unspecified, < 2.3.12023-04-28
CVE-2023-2356 [HIGH] CWE-23 CVE-2023-2356: Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.
nvd
CVE-2023-6977P3HIGHCVSS 7.5PoC≥ unspecified, < 2.9.22023-12-20
CVE-2023-6977 [HIGH] CWE-29 CVE-2023-6977: This vulnerability enables malicious users to read sensitive files on the server. This vulnerability enables malicious users to read sensitive files on the server.
nvd
CVE-2024-8859P3HIGHCVSS 7.5PoC≥ unspecified, < 2.17.02025-03-20
CVE-2024-8859 [HIGH] CWE-29 CVE-2024-8859: A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while parts such as query and parameters are not handled. The vulner
nvd
CVE-2023-6831P3HIGHCVSS 8.1PoC≥ unspecified, ≤ latest2023-12-15
CVE-2023-6831 [HIGH] CWE-29 CVE-2023-6831: Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
nvd
CVE-2025-15379P2CRITICALCVSS 9.8≥ unspecified, < 3.8.22026-03-30
CVE-2025-15379 [CRITICAL] CWE-77 CVE-2025-15379: A command injection vulnerability exists in MLflow's model serving container initialization code, sp A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_install_model_dependencies_to_env()` function. When deploying a model with `env_manager=LOCAL`, MLflow reads dependency specifications from the model artifact's `python_env.yaml` file and directly interpolates them into a shell co
ghsanvdosv
CVE-2025-15036P2CRITICALCVSS 10.0≥ unspecified, < 3.9.02026-03-30
CVE-2025-15036 [CRITICAL] CWE-29 CVE-2025-15036: A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/py A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An attacker with control over the tar.gz file c
ghsanvdosv
CVE-2023-6014P2CRITICALCVSS 9.8≥ unspecified, ≤ latest2023-11-16
CVE-2023-6014 [CRITICAL] CWE-598 CVE-2023-6014: An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirme An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.
ghsanvdosv
CVE-2025-15031P2CRITICALCVSS 9.1≥ unspecified, ≤ latest2026-03-18
CVE-2025-15031 [CRITICAL] CWE-22 CVE-2025-15031: A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improp A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path validation enables crafted tar.gz files containing `..` or absolute paths to escape the intended extraction directory. This issue affects the latest versio
nvd
CVE-2023-6974P2CRITICALCVSS 9.8≥ unspecified, < 2.9.22023-12-20
CVE-2023-6974 [CRITICAL] CWE-918 CVE-2023-6974: A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine.
nvd
CVE-2024-0520P2HIGHCVSS 8.8≥ unspecified, < 2.9.02024-06-06
CVE-2024-0520 [HIGH] CWE-22 CVE-2024-0520: A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neut A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when loading a dataset from a source URL with an HTTP scheme, the filename extracted from the `Content-Disposit
nvd
CVE-2026-2611P3CRITICALCVSS 9.6≥ unspecified, < 3.10.02026-05-19
CVE-2026-2611 [CRITICAL] CWE-346 CVE-2026-2611: In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its / In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. By bypassing the loopback-only restriction, the attack
nvd
Mlflow Mlflow vulnerabilities | cvebase