mlflow — Vulnerabilities & Security Advisories (61)

Browse all 61 CVE security advisories affecting mlflow. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MLflow is an open-source platform designed for the machine learning lifecycle, facilitating experiment tracking, reproducibility, and deployment. Despite its utility, the software has accumulated sixty-one Common Vulnerabilities and Exposures (CVEs), indicating significant historical security debt. The most prevalent vulnerability classes involve server-side request forgery, insecure direct object references, and cross-site scripting, often stemming from inadequate input validation in its web interface. Additionally, several issues relate to improper access control, allowing unauthorized users to manipulate experiment data or execute arbitrary code through crafted requests. While no single catastrophic breach has publicly defined its history, the high volume of CVEs suggests systemic weaknesses in authentication and session management. These flaws primarily impact the integrity and confidentiality of machine learning workflows, requiring rigorous patching and secure configuration by administrators to mitigate risks associated with its widely adopted tracking and model serving components.

Top products by mlflow: mlflow/mlflow, MLflow
Scores and severities marked (AI) carry the page's "AI" badge.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-33866 | Authorization Bypass in MLflow AJAX Endpoint | Mlflow | CWE-862 | 4.3 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-33865 | Stored XSS via unsafe YAML parsing in MLflow | Mlflow | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-0545 | Missing Authentication for Critical Function in mlflow/mlflow | mlflow/mlflow | CWE-306 | 9.8 (AI) | Critical (AI) | 2026-04-03 |
| CVE-2026-0596 | Command Injection in mlflow/mlflow | mlflow/mlflow | CWE-78 | 7.8 | - | 2026-03-31 |
| CVE-2025-15379 | Command Injection in mlflow/mlflow | mlflow/mlflow | CWE-77 | 8.8 | - | 2026-03-30 |
| CVE-2025-15036 | Path Traversal Vulnerability in mlflow/mlflow | mlflow/mlflow | CWE-29 | 8.4 | - | 2026-03-30 |
| CVE-2025-15381 | Unauthorized Access to Tracing and Assessment Endpoints in mlflow/mlflow | mlflow/mlflow | CWE-200 | 5.4 | - | 2026-03-27 |
| CVE-2025-15031 | Path Traversal Vulnerability in mlflow/mlflow | mlflow/mlflow | CWE-22 | 7.8 | - | 2026-03-18 |
| CVE-2025-14287 | Command Injection in mlflow/mlflow | mlflow/mlflow | CWE-94 | 9.8 | - | 2026-03-15 |
| CVE-2026-2635 | MLflow Use of Default Password Authentication Bypass Vulnerability | MLflow | CWE-1393 | 9.8 (AI) | Critical (AI) | 2026-02-20 |
| CVE-2026-2033 | MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability | MLflow | CWE-22 | 9.8 (AI) | Critical (AI) | 2026-02-20 |
| CVE-2025-10279 | Privilege Escalation in mlflow/mlflow | mlflow/mlflow | CWE-379 | 7.0 (AI) | High (AI) | 2026-02-02 |
| CVE-2025-14279 | DNS Rebinding Vulnerability in mlflow/mlflow | mlflow/mlflow | CWE-346 | 8.8 (AI) | High (AI) | 2026-01-12 |
| CVE-2025-11200 | MLflow Weak Password Requirements Authentication Bypass Vulnerability | MLflow | CWE-521 | 9.8 (AI) | Critical (AI) | 2025-10-29 |
| CVE-2025-11201 | MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability | MLflow | CWE-22 | 9.8 (AI) | Critical (AI) | 2025-10-29 |
| CVE-2025-0453 | Denial of Service through Batched Queries in GraphQL in mlflow/mlflow | mlflow/mlflow | CWE-410 | 7.5 | - | 2025-03-20 |
| CVE-2025-1473 | CSRF in mlflow/mlflow | mlflow/mlflow | CWE-352 | 8.8 | - | 2025-03-20 |
| CVE-2025-1474 | Weak Password Requirements in mlflow/mlflow | mlflow/mlflow | CWE-521 | 9.8 | - | 2025-03-20 |
| CVE-2024-8859 | Path Traversal in mlflow/mlflow | mlflow/mlflow | CWE-29 | 7.5 | - | 2025-03-20 |
| CVE-2024-6838 | Uncontrolled Resource Consumption in mlflow/mlflow | mlflow/mlflow | CWE-400 | 8.2 | - | 2025-03-20 |
| CVE-2024-2928 | Local File Inclusion (LFI) via URI Fragment Parsing in mlflow/mlflow | mlflow/mlflow | CWE-29 | 7.5 (AI) | High (AI) | 2024-06-06 |
| CVE-2024-0520 | Remote Code Execution due to Full Controlled File Write in mlflow/mlflow | mlflow/mlflow | CWE-22 | 9.8 (AI) | Critical (AI) | 2024-06-06 |
| CVE-2024-3099 | Denial of Service and Data Model Poisoning via URL Encoding in mlflow/mlflow | mlflow/mlflow | CWE-475 | 8.1 (AI) | High (AI) | 2024-06-06 |
| CVE-2024-37061 | MLflow security vulnerability | MLflow | CWE-94 | 8.8 | High | 2024-06-04 |
| CVE-2024-37060 | MLflow security vulnerability | MLflow | CWE-502 | 8.8 | High | 2024-06-04 |
| CVE-2024-37059 | Mlflow security vulnerability | MLflow | CWE-502 | 8.8 | High | 2024-06-04 |
| CVE-2024-37058 | MLflow security vulnerability | MLflow | CWE-502 | 8.8 | High | 2024-06-04 |
| CVE-2024-37057 | MLflow security vulnerability | MLflow | CWE-502 | 8.8 | High | 2024-06-04 |
| CVE-2024-37056 | MLflow security vulnerability | MLflow | CWE-502 | 8.8 | High | 2024-06-04 |
| CVE-2024-37055 | MLflow security vulnerability | MLflow | CWE-502 | 8.8 | High | 2024-06-04 |

This page lists every published CVE security advisory associated with mlflow. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.