CVE-2026-4137— Incomplete Fix for CVE-2025-10279: Insecure Temporary Directory Permissions in mlflow/mlflow
Possible ATT&CK Techniques 3AI
T1078 · Valid Accounts T1059 · Command and Scripting Interpreter T1564 · Hide ArtifactsAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| mlflow | mlflow/mlflow | unspecified< 3.11.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-4137
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Incomplete Fix for CVE-2025-10279: Insecure Temporary Directory Permissions in mlflow/mlflow
Source: NVD (National Vulnerability Database)
Vulnerability Description
In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` creates temporary directories with world-writable permissions (0o777), and the `_create_model_downloading_tmp_dir()` function in `mlflow/pyfunc/__init__.py` creates directories with group-writable permissions (0o770). These insecure permissions allow local attackers to tamper with model artifacts, such as cloudpickle-serialized Python objects, and achieve arbitrary code execution when the tampered artifacts are deserialized via `cloudpickle.load()`. This vulnerability is particularly critical in environments with shared NFS mounts, such as Databricks, where NFS is enabled by default. The issue is a continuation of the vulnerability class addressed in CVE-2025-10279, which was only partially fixed.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
创建拥有不安全权限的临时文件
Source: NVD (National Vulnerability Database)
Vulnerability Title
MLflow 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
MLflow是MLflow开源的一个简化机器学习开发的平台,包括跟踪实验、将代码打包成可重复的运行以及共享和部署模型。 mlflow 3.11.0之前版本存在安全漏洞,该漏洞源于get_or_create_nfs_tmp_dir函数创建具有全局可写权限的临时目录,可能导致本地攻击者篡改模型工件并实现任意代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| mlflow | mlflow/mlflow | unspecified ~ 3.11.0 | - |
II. Public POCs for CVE-2026-4137
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-4137
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-4137 (1)
Vendor Advisories for CVE-2026-4137 (1)
IV. Related Vulnerabilities
Same product: mlflow/mlflow
- CVE-2026-2651
Missing Authorization Validation in mlflow/mlflow - CVE-2026-2734
Authorization Bypass in SearchModelVersions in mlflow/mlflow - CVE-2026-2611
Improper Origin Validation in mlflow/mlflow - CVE-2026-2652
Authentication Bypass in mlflow/mlflow - CVE-2026-2614
Arbitrary File Read via Prompt Tag Source Validation Bypass
Same vendor: mlflow
- CVE-2026-2651
Missing Authorization Validation in mlflow/mlflow - CVE-2026-2734
Authorization Bypass in SearchModelVersions in mlflow/mlflow - CVE-2026-2611
Improper Origin Validation in mlflow/mlflow - CVE-2026-2652
Authentication Bypass in mlflow/mlflow - CVE-2026-2614
Arbitrary File Read via Prompt Tag Source Validation Bypass
Same weakness: CWE-378
- CVE-2026-33572
OpenClaw < 2026.2.17 - Insufficient File Permissions in Sess - CVE-2026-4822
Enter Software Iperius Backup Backup Service temp file - CVE-2025-46685
Dell SupportAssist OS Recovery 安全漏洞 - CVE-2025-46684
Dell SupportAssist OS Recovery 安全漏洞 - CVE-2025-34352
JumpCloud Remote Assist < 0.317.0 Arbitrary File Write/Delet
V. Comments for CVE-2026-4137
No comments yet