Description
MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to access. This issue affects MLflow version through 3.10.1
References (3)
Core 3
Core References
Patch patch
https://github.com/mlflow/mlflow/pull/21708
Third Party Advisory third-party-advisory
https://cert.pl/en/posts/2026/04/CVE-2026-33865/
Exploit exploit
technical-description
https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
Scores
CVSS v3
4.3
EPSS
0.0036
EPSS Percentile
27.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (3)
lfprojects/mlflow
< 3.10.1
Mlflow/Mlflow
< 3.10.1
pypi/mlflow
0 - 3.11.0rc0PyPI
Published
Apr 07, 2026
Tracked Since
Apr 07, 2026