Mlflow Mlflow vulnerabilities
50 known vulnerabilities affecting mlflow/mlflow_mlflow.
Total CVEs
50
CISA KEV
0
Public exploits
14
Exploited in wild
2
Severity breakdown
CRITICAL14HIGH28MEDIUM7LOW1
Vulnerabilities
Page 3 of 3
CVE-2025-0453P3HIGHCVSS 7.5≥ unspecified, ≤ latest2025-03-20
CVE-2025-0453 [HIGH] CWE-410 CVE-2025-0453: In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable to a denial of service attack
In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to respond to other requests. This vulnerability is due to un
nvd
CVE-2025-10279P3HIGHCVSS 7.0≥ unspecified, < 3.11.02026-02-02
CVE-2025-10279 [HIGH] CWE-379 CVE-2025-10279: In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is a
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with write access to the `/tmp` directory to exploit a race condition and overwrite `.py` files in the virtual environment, leading to arbitrary code execution. T
ghsanvdosv
CVE-2026-3198P3MEDIUMCVSS 6.5≥ unspecified, ≤ latest2026-06-02
CVE-2026-3198 [MEDIUM] CWE-284 CVE-2026-3198: MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for mul
MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the `BEFORE_REQUEST_HANDLERS` dictionary in `mlflow/server/auth/__init__.py` does not include entries for `ListGatewaySecretInfos`, `ListGatewayEndpoints`, and `ListGatewayModelDefinitions`. This allows
nvd
CVE-2022-0736P3HIGHCVSS 7.5≥ unspecified, < 1.23.12022-02-23
CVE-2022-0736 [HIGH] CWE-377 CVE-2022-0736: Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1.
Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1.
nvd
CVE-2025-1473P4HIGHCVSS 7.1≥ unspecified, < 2.20.22025-03-20
CVE-2025-1473 [HIGH] CWE-352 CVE-2025-1473: A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow vers
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user.
nvd
CVE-2025-1474P4MEDIUMCVSS 5.5≥ unspecified, < 2.19.02025-03-20
CVE-2025-1474 [MEDIUM] CWE-521 CVE-2025-1474: In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a passw
In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user account management. The issue is fixed in version 2.19.0.
nvd
CVE-2024-4263P4MEDIUMCVSS 5.4≥ unspecified, < 2.10.12024-05-16
CVE-2024-4263 [MEDIUM] CWE-284 CVE-2024-4263: A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low priv
A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing them to perform unauthorized deletions of artifacts. Th
nvd
CVE-2024-3099P4MEDIUMCVSS 5.4≥ unspecified, ≤ latest2024-06-06
CVE-2024-3099 [MEDIUM] CWE-475 CVE-2024-3099: A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the
A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authenticated user might not be able to use the intended model, as it will open a different model each time. Additionally, an attacker can exploit this vulnerabilit
ghsanvdosv
CVE-2024-6838P4MEDIUMCVSS 5.3≥ unspecified, ≤ latest2025-03-20
CVE-2024-6838 [MEDIUM] CWE-400 CVE-2024-6838: In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an
In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of service. Additionally, there is no character limit in th
nvd
CVE-2023-1176P4LOWCVSS 3.3≥ unspecified, < 2.2.22023-03-24
CVE-2023-1176 [LOW] CWE-36 CVE-2023-1176: Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.
nvd
← Previous3 / 3