Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/mlflow@3.8.0rc0
Typepypi
Namespace
Namemlflow
Version3.8.0rc0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.11.0rc0
Latest_non_vulnerable_version3.11.1
Affected_by_vulnerabilities
0
url VCID-cu1t-7wnm-y7hk
vulnerability_id VCID-cu1t-7wnm-y7hk
summary 
MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to access.

 
This issue affects MLflow version through 3.10.1
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33866.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33866.json
1
reference_url https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
2
reference_url https://cert.pl/en/posts/2026/04/CVE-2026-33865
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cert.pl/en/posts/2026/04/CVE-2026-33865
3
reference_url https://cert.pl/en/posts/2026/04/CVE-2026-33865/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://cert.pl/en/posts/2026/04/CVE-2026-33865/
4
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
5
reference_url https://github.com/mlflow/mlflow/commit/005b959cacda05d1423356cfcbd9ebeda8ff96a7
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/005b959cacda05d1423356cfcbd9ebeda8ff96a7
6
reference_url https://github.com/mlflow/mlflow/pull/21708
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/pull/21708
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33866
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33866
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455900
reference_id 2455900
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455900
fixed_packages
0
url pkg:pypi/mlflow@3.11.0rc0
purl pkg:pypi/mlflow@3.11.0rc0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.11.0rc0
aliases CVE-2026-33866, GHSA-46r5-x6jq-v8g6, PYSEC-2026-94
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cu1t-7wnm-y7hk
1
url VCID-g9p5-4cqv-qfew
vulnerability_id VCID-g9p5-4cqv-qfew
summary 
MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can upload a malicious MLmodel file containing a payload that executes when another user views the artifact in the UI. This allows actions such as session hijacking or performing operations on behalf of the victim. 

This issue affects MLflow version through 3.10.1
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33865.json
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33865.json
1
reference_url https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
2
reference_url https://cert.pl/en/posts/2026/04/CVE-2026-33865
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cert.pl/en/posts/2026/04/CVE-2026-33865
3
reference_url https://cert.pl/en/posts/2026/04/CVE-2026-33865/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://cert.pl/en/posts/2026/04/CVE-2026-33865/
4
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
5
reference_url https://github.com/mlflow/mlflow/commit/aca4dd0ec88a12f7655155c224371280e9b45dda
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/aca4dd0ec88a12f7655155c224371280e9b45dda
6
reference_url https://github.com/mlflow/mlflow/pull/21435
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/pull/21435
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33865
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33865
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455899
reference_id 2455899
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455899
fixed_packages
0
url pkg:pypi/mlflow@3.11.0rc0
purl pkg:pypi/mlflow@3.11.0rc0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.11.0rc0
1
url pkg:pypi/mlflow@3.11.1
purl pkg:pypi/mlflow@3.11.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.11.1
aliases CVE-2026-33865, GHSA-fh64-r2vc-xvhr, PYSEC-2026-93
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g9p5-4cqv-qfew
Fixing_vulnerabilities
0
url VCID-5a75-gxh6-5bak
vulnerability_id VCID-5a75-gxh6-5bak
summary 
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of artifact file paths. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2033.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2033.json
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/5bf2ec2bd4222a18d78631183ac7f6b752afe8a4
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/5bf2ec2bd4222a18d78631183ac7f6b752afe8a4
3
reference_url https://github.com/mlflow/mlflow/pull/19260
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/pull/19260
4
reference_url https://github.com/mlflow/mlflow/releases/tag/v3.8.0rc0
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/releases/tag/v3.8.0rc0
5
reference_url https://www.zerodayinitiative.com/advisories/ZDI-26-105
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.zerodayinitiative.com/advisories/ZDI-26-105
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2441508
reference_id 2441508
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2441508
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2033
reference_id CVE-2026-2033
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2033
8
reference_url https://github.com/advisories/GHSA-q2r8-vmq7-fpx2
reference_id GHSA-q2r8-vmq7-fpx2
reference_type
scores
url https://github.com/advisories/GHSA-q2r8-vmq7-fpx2
fixed_packages
0
url pkg:pypi/mlflow@3.8.0rc0
purl pkg:pypi/mlflow@3.8.0rc0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu1t-7wnm-y7hk
1
vulnerability VCID-g9p5-4cqv-qfew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.8.0rc0
aliases CVE-2026-2033, GHSA-q2r8-vmq7-fpx2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5a75-gxh6-5bak
1
url VCID-rkbn-tn99-rucq
vulnerability_id VCID-rkbn-tn99-rucq
summary mlflow: MLflow: Arbitrary command execution via unsanitized container image names
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14287.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14287.json
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/8b8792a7034fb33a14b0b31cabcaa9b912d3485f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/8b8792a7034fb33a14b0b31cabcaa9b912d3485f
3
reference_url https://github.com/mlflow/mlflow/pull/19277
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/pull/19277
4
reference_url https://github.com/mlflow/mlflow/releases/tag/v3.8.0rc0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/releases/tag/v3.8.0rc0
5
reference_url https://huntr.com/bounties/229cd526-41aa-4819-b6f0-e2d0371c89e3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.com/bounties/229cd526-41aa-4819-b6f0-e2d0371c89e3
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-14287
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-14287
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2447690
reference_id 2447690
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2447690
fixed_packages
0
url pkg:pypi/mlflow@3.8.0rc0
purl pkg:pypi/mlflow@3.8.0rc0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu1t-7wnm-y7hk
1
vulnerability VCID-g9p5-4cqv-qfew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.8.0rc0
aliases CVE-2025-14287, GHSA-xch3-2f9x-wh9f
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rkbn-tn99-rucq
2
url VCID-tbbj-9qan-ubgg
vulnerability_id VCID-tbbj-9qan-ubgg
summary 
MLflow Use of Default Password Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the basic_auth.ini file. The file contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of the administrator.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2635.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2635.json
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/5bf2ec2bd4222a18d78631183ac7f6b752afe8a4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/5bf2ec2bd4222a18d78631183ac7f6b752afe8a4
3
reference_url https://github.com/mlflow/mlflow/pull/19260
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/pull/19260
4
reference_url https://github.com/mlflow/mlflow/releases/tag/v3.8.0rc0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/releases/tag/v3.8.0rc0
5
reference_url https://www.zerodayinitiative.com/advisories/ZDI-26-111
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.zerodayinitiative.com/advisories/ZDI-26-111
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2441514
reference_id 2441514
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2441514
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2635
reference_id CVE-2026-2635
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2635
8
reference_url https://github.com/advisories/GHSA-gq3w-7jj3-x7gr
reference_id GHSA-gq3w-7jj3-x7gr
reference_type
scores
url https://github.com/advisories/GHSA-gq3w-7jj3-x7gr
fixed_packages
0
url pkg:pypi/mlflow@3.8.0rc0
purl pkg:pypi/mlflow@3.8.0rc0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu1t-7wnm-y7hk
1
vulnerability VCID-g9p5-4cqv-qfew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.8.0rc0
aliases CVE-2026-2635, GHSA-gq3w-7jj3-x7gr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tbbj-9qan-ubgg
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.8.0rc0