Cross-Origin Vulnerability in MLflow Assistant by Databricks
CVE-2026-2611

9.6CRITICAL

Key Information:

Vendor: Mlflow
Status: Mlflow/mlflow
Vendor: CVE Published:; 19 May 2026

What is CVE-2026-2611?

In MLflow version 3.9.0, a cross-origin vulnerability exists in the MLflow Assistant feature, specifically within its /ajax-api endpoints. This flaw permits remote attackers to exploit cross-origin requests originating from malicious web pages, enabling interaction with MLflow Assistant instances running on victim machines. By circumventing the loopback-only restriction, attackers can manipulate the Assistant's configuration, granting them enhanced access privileges. This vulnerability poses a risk of arbitrary command execution through the Claude Code sub-agent. The issue has been rectified in version 3.10.0.

Affected Version(s)

mlflow/mlflow < 3.10.0

References

https://huntr.com/bounties/8462addd-b464-4a84-b6a2-552960...

https://github.com/mlflow/mlflow/commit/8f9c8a53af9084294...

CVSS V3.0

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2026
Vulnerability Reserved
Feb 17, 2026

CVE-2026-2611 Data

JSON

Mlflow

What is CVE-2026-2611?

Affected Version(s)

References

CVSS V3.0

Timeline