Mlflow Latest Vulnerabilities

Command Injection Vulnerability in mlflow by Databricks

CVE-2026-0596

MlflowMlflow/mlflow9.6CRITICAL

Command Injection Vulnerability in MLflow Model Serving

CVE-2025-15379

MlflowMlflow/mlflow10CRITICAL

Path Traversal Vulnerability in MLflow Affects File Access and Security

CVE-2025-15036

MlflowMlflow/mlflow9.6CRITICAL

Unauthorized Access in Mlflow’s Basic Auth Application

CVE-2025-15381

MlflowMlflow/mlflow8.1HIGH

Arbitrary File Write Vulnerability in MLflow by Databricks

CVE-2025-15031

MlflowMlflow/mlflow8.1HIGH

Command Injection Vulnerability in MLflow by Databricks

CVE-2025-14287

MlflowMlflow/mlflow7.5HIGH

Authentication Bypass Vulnerability in MLflow from Databricks

CVE-2026-2635

MlflowMlflow9.8CRITICAL

Directory Traversal Remote Code Execution Vulnerability in MLflow Tracking Server

CVE-2026-2033

MlflowMlflow8.1HIGH

Insecure Permissions in MLflow Allow Arbitrary Code Execution

CVE-2025-10279

MlflowMlflow/mlflow7HIGH

DNS Rebinding Vulnerability in MLFlow by Databricks

CVE-2025-14279

MlflowMlflow/mlflow8.1HIGH

Authentication Bypass Vulnerability in MLflow by Databricks

CVE-2025-11200

MlflowMlflow8.1HIGH

Directory Traversal Vulnerability in MLflow Tracking Server

CVE-2025-11201

MlflowMlflow8.1HIGH

Denial of Service Vulnerability in MLflow by Databricks

CVE-2025-0453

MlflowMlflow/mlflow7.5HIGH

Passwordless User Account Creation in MLflow by Databricks

CVE-2025-1474

MlflowMlflow/mlflow5.5MEDIUM

Cross-Site Request Forgery Flaw in mlflow Product by MLflow

CVE-2025-1473

MlflowMlflow/mlflow7.1HIGH

Path Traversal Vulnerability in MLflow Product by Databricks

CVE-2024-8859

MlflowMlflow/mlflowEPSS 26%7.5HIGH

Denial of Service Vulnerability in MLflow by Databricks

CVE-2024-6838

MlflowMlflow/mlflow5.3MEDIUM

Local File Inclusion Vulnerability in mlflow Affects Version 2.9.2

CVE-2024-2928

MlflowMlflow/mlflowEPSS 91%7.5HIGH

Remote Code Execution Vulnerability in mlflow/mlflow version 8.2.1

CVE-2024-0520

MlflowMlflow/mlflow8.8HIGH

Denial of Service and Data Model Poisoning via URL Encoding in mlflow/mlflow

CVE-2024-3099

MlflowMlflow/mlflow5.4MEDIUM

Arbitrary Code Execution Vulnerability in MLflow Platform

CVE-2024-37061

MlflowMlflow8.8HIGH

Arbitrary Code Execution Vulnerability in MLflow Platform

CVE-2024-37060

MlflowMlflow8.8HIGH

Arbitrary Code Execution Vulnerability in MLflow Platform

CVE-2024-37059

MlflowMlflow8.8HIGH

Arbitrary Code Execution Vulnerability in MLflow Platform

CVE-2024-37058

MlflowMlflow8.8HIGH

Arbitrary Code Execution Vulnerability in MLflow Platform

CVE-2024-37057

MlflowMlflow8.8HIGH

mlflow Latest Vulnerabilities

Vulnerability Published:

Sort By:

31 March 2026

Command Injection Vulnerability in mlflow by Databricks

30 March 2026

Command Injection Vulnerability in MLflow Model Serving

Path Traversal Vulnerability in MLflow Affects File Access and Security

27 March 2026

Unauthorized Access in Mlflow’s Basic Auth Application

18 March 2026

Arbitrary File Write Vulnerability in MLflow by Databricks

15 March 2026

Command Injection Vulnerability in MLflow by Databricks

20 February 2026

Authentication Bypass Vulnerability in MLflow from Databricks

Directory Traversal Remote Code Execution Vulnerability in MLflow Tracking Server

2 February 2026

Insecure Permissions in MLflow Allow Arbitrary Code Execution

12 January 2026

DNS Rebinding Vulnerability in MLFlow by Databricks

29 October 2025

Authentication Bypass Vulnerability in MLflow by Databricks

Directory Traversal Vulnerability in MLflow Tracking Server

20 March 2025

Denial of Service Vulnerability in MLflow by Databricks

Passwordless User Account Creation in MLflow by Databricks

Cross-Site Request Forgery Flaw in mlflow Product by MLflow

Path Traversal Vulnerability in MLflow Product by Databricks

Denial of Service Vulnerability in MLflow by Databricks

6 June 2024

Local File Inclusion Vulnerability in mlflow Affects Version 2.9.2

Remote Code Execution Vulnerability in mlflow/mlflow version 8.2.1

Denial of Service and Data Model Poisoning via URL Encoding in mlflow/mlflow

4 June 2024

Arbitrary Code Execution Vulnerability in MLflow Platform

Arbitrary Code Execution Vulnerability in MLflow Platform

Arbitrary Code Execution Vulnerability in MLflow Platform

Arbitrary Code Execution Vulnerability in MLflow Platform

Arbitrary Code Execution Vulnerability in MLflow Platform