VulnerableCode Package Details - pkg:pypi/mlflow@3.5.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-cu1t-7wnm-y7hk Aliases: CVE-2026-33866 PYSEC-2026-94	MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to access. This issue affects MLflow version through 3.10.1	3.11.0rc0 Affected by 0 other vulnerabilities.
VCID-g9p5-4cqv-qfew Aliases: CVE-2026-33865 PYSEC-2026-93	MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can upload a malicious MLmodel file containing a payload that executes when another user views the artifact in the UI. This allows actions such as session hijacking or performing operations on behalf of the victim. This issue affects MLflow version through 3.10.1	3.11.0rc0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-cu1t-7wnm-y7hk
Aliases:
CVE-2026-33866
PYSEC-2026-94

MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to access. This issue affects MLflow version through 3.10.1

3.11.0rc0
Affected by 0 other vulnerabilities.

VCID-g9p5-4cqv-qfew
Aliases:
CVE-2026-33865
PYSEC-2026-93

MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can upload a malicious MLmodel file containing a payload that executes when another user views the artifact in the UI. This allows actions such as session hijacking or performing operations on behalf of the victim. This issue affects MLflow version through 3.10.1

3.11.0rc0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-twnx-dt83-nuf3	MLFlow is vulnerable to DNS rebinding attacks due to a lack of Origin header validation MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An attacker can query, update, and delete experiments via the affected endpoints, leading to potential data exfiltration, destruction, or manipulation. The issue is resolved in version 3.5.0.	CVE-2025-14279 GHSA-pgqp-8h46-6x4j

Vulnerability

Summary

Aliases

VCID-twnx-dt83-nuf3

MLFlow is vulnerable to DNS rebinding attacks due to a lack of Origin header validation MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An attacker can query, update, and delete experiments via the affected endpoints, leading to potential data exfiltration, destruction, or manipulation. The issue is resolved in version 3.5.0.

CVE-2025-14279
GHSA-pgqp-8h46-6x4j

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:49:28.636650+00:00	GitLab Importer	Fixing	VCID-twnx-dt83-nuf3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mlflow/CVE-2025-14279.yml	38.6.0
2026-06-02T04:24:31.900479+00:00	Pypa Importer	Affected by	VCID-cu1t-7wnm-y7hk	https://github.com/pypa/advisory-database/blob/main/vulns/mlflow/PYSEC-2026-94.yaml	38.6.0
2026-06-02T04:24:31.168613+00:00	Pypa Importer	Affected by	VCID-g9p5-4cqv-qfew	https://github.com/pypa/advisory-database/blob/main/vulns/mlflow/PYSEC-2026-93.yaml	38.6.0