MLflow 厂商漏洞列表 / CVE 中文分析 61

MLflow 厂商相关 61 条 CVE 漏洞，含 AI 中文分析、POC、CVSS 评分与受影响产品。

MLflow 是开源机器学习生命周期管理平台，核心用于追踪实验、打包代码及部署模型。鉴于其已收录 61 条 CVE，历史漏洞多涉及远程代码执行、路径遍历及身份验证绕过，常因组件依赖或配置不当引发。其架构复杂性导致攻击面较广，建议用户定期更新版本并严格审查第三方库依赖，以防范潜在的数据泄露与控制权丧失风险。

上位製品 MLflow: mlflow/mlflow MLflow

CVE ID	タイトル	CVSS	深刻度	公開日
CVE-2026-33866	Authorization Bypass in MLflow AJAX Endpoint — MlflowCWE-862	4.3^AI	Medium^AI	2026-04-07
CVE-2026-33865	Stored XSS via unsafe YAML parsing in MLflow — MlflowCWE-79	5.4^AI	Medium^AI	2026-04-07
CVE-2026-0545	Missing Authentication for Critical Function in mlflow/mlflow — mlflow/mlflowCWE-306	9.8^AI	Critical^AI	2026-04-03
CVE-2026-0596	Command Injection in mlflow/mlflow — mlflow/mlflowCWE-78	7.8	-	2026-03-31
CVE-2025-15379	Command Injection in mlflow/mlflow — mlflow/mlflowCWE-77	8.8	-	2026-03-30
CVE-2025-15036	Path Traversal Vulnerability in mlflow/mlflow — mlflow/mlflowCWE-29	8.4	-	2026-03-30
CVE-2025-15381	Unauthorized Access to Tracing and Assessment Endpoints in mlflow/mlflow — mlflow/mlflowCWE-200	5.4	-	2026-03-27
CVE-2025-15031	Path Traversal Vulnerability in mlflow/mlflow — mlflow/mlflowCWE-22	7.8	-	2026-03-18
CVE-2025-14287	Command Injection in mlflow/mlflow — mlflow/mlflowCWE-94	9.8	-	2026-03-15
CVE-2026-2635	MLflow Use of Default Password Authentication Bypass Vulnerability — MLflowCWE-1393	9.8^AI	Critical^AI	2026-02-20
CVE-2026-2033	MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability — MLflowCWE-22	9.8^AI	Critical^AI	2026-02-20
CVE-2025-10279	Privilege Escalation in mlflow/mlflow — mlflow/mlflowCWE-379	7.0^AI	High^AI	2026-02-02
CVE-2025-14279	DNS Rebinding Vulnerability in mlflow/mlflow — mlflow/mlflowCWE-346	8.8^AI	High^AI	2026-01-12
CVE-2025-11200	MLflow Weak Password Requirements Authentication Bypass Vulnerability — MLflowCWE-521	9.8^AI	Critical^AI	2025-10-29
CVE-2025-11201	MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability — MLflowCWE-22	9.8^AI	Critical^AI	2025-10-29
CVE-2025-0453	Denial of Service through Batched Queries in GraphQL in mlflow/mlflow — mlflow/mlflowCWE-410	7.5	-	2025-03-20
CVE-2025-1473	CSRF in mlflow/mlflow — mlflow/mlflowCWE-352	8.8	-	2025-03-20
CVE-2025-1474	Weak Password Requirements in mlflow/mlflow — mlflow/mlflowCWE-521	9.8	-	2025-03-20
CVE-2024-8859	Path Traversal in mlflow/mlflow — mlflow/mlflowCWE-29	7.5	-	2025-03-20
CVE-2024-6838	Uncontrolled Resource Consumption in mlflow/mlflow — mlflow/mlflowCWE-400	8.2	-	2025-03-20
CVE-2024-2928	Local File Inclusion (LFI) via URI Fragment Parsing in mlflow/mlflow — mlflow/mlflowCWE-29	7.5^AI	High^AI	2024-06-06
CVE-2024-0520	Remote Code Execution due to Full Controlled File Write in mlflow/mlflow — mlflow/mlflowCWE-22	9.8^AI	Critical^AI	2024-06-06
CVE-2024-3099	Denial of Service and Data Model Poisoning via URL Encoding in mlflow/mlflow — mlflow/mlflowCWE-475	8.1^AI	High^AI	2024-06-06
CVE-2024-37061	MLflow 安全漏洞 — MLflowCWE-94	8.8	High	2024-06-04
CVE-2024-37060	MLflow 安全漏洞 — MLflowCWE-502	8.8	High	2024-06-04
CVE-2024-37059	Mlflow 安全漏洞 — MLflowCWE-502	8.8	High	2024-06-04
CVE-2024-37058	MLflow 安全漏洞 — MLflowCWE-502	8.8	High	2024-06-04
CVE-2024-37057	MLflow 安全漏洞 — MLflowCWE-502	8.8	High	2024-06-04
CVE-2024-37056	MLflow 安全漏洞 — MLflowCWE-502	8.8	High	2024-06-04
CVE-2024-37055	MLflow 安全漏洞 — MLflowCWE-502	8.8	High	2024-06-04

本页汇总了 MLflow 厂商截至目前公开的全部 61 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接，并附带 AI 生成的中文分析以便快速判断风险。

目標達成 すべての支援者に感謝 — 100%達成しました！

MLflow 厂商漏洞列表 / CVE 中文分析 61

目標達成すべての支援者に感謝 — 100%達成しました！