Vulnerability in Model Version Handler of MLflow by Databricks
CVE-2026-2614
7.5 HIGH
What is CVE-2026-2614?
A significant vulnerability in the _create_model_version() handler of MLflow allows unauthenticated remote attackers to read arbitrary files on the server's filesystem. This issue arises when a CreateModelVersion request contains the tag mlflow.prompt.is_prompt, which bypasses essential source path validation. Consequently, an attacker can set a local filesystem path as the model version source, leading to unauthorized access to sensitive files. The exploitation of this flaw compromises confidentiality and poses serious security risks. All users are advised to upgrade to MLflow version 3.10.0 or later, where this vulnerability has been addressed.
Affected Version(s)
mlflow/mlflow < 3.10.0
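
An added example, not part of the original advisory or of MLflow's code: a defender-side audit that flags registry entries carrying the mlflow.prompt.is_prompt tag whose source is a local filesystem path, the combination described above. The record layout (name, version, source, tags), the sample data, and the heuristic for what counts as a local path are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

PROMPT_TAG = "mlflow.prompt.is_prompt"  # tag named in the advisory


def is_local_source(source: str) -> bool:
    """Heuristic (assumption): True when a source points at the server's own filesystem."""
    s = source.strip()
    # Windows drive path (C:\...) or UNC path (\\host\share)
    if re.match(r"^[A-Za-z]:[\\/]", s) or s.startswith("\\\\"):
        return True
    try:
        scheme = urlparse(s).scheme.lower()
    except ValueError:
        return True  # unparseable sources are surfaced for manual review
    if scheme == "file":
        return True
    # No scheme: treat as a path only if it contains a path separator,
    # so opaque placeholder tokens are not flagged.
    return scheme == "" and ("/" in s or "\\" in s)


def audit(records):
    """Return (name, version, source) for prompt-tagged versions with a local source."""
    findings = []
    for r in records:
        tagged = PROMPT_TAG in r.get("tags", {})
        if tagged and is_local_source(r.get("source", "")):
            findings.append((r["name"], r["version"], r["source"]))
    return findings


# Constructed sample records (hypothetical export of model version metadata).
SAMPLE = [
    {"name": "churn-model", "version": "3", "source": "s3://example-bucket/churn/3", "tags": {}},
    {"name": "greeting-prompt", "version": "1", "source": "placeholder-source",
     "tags": {PROMPT_TAG: "true"}},
    {"name": "p1", "version": "1", "source": "/srv/app/config", "tags": {PROMPT_TAG: "true"}},
    {"name": "p2", "version": "2", "source": "file:///srv/app/config",
     "tags": {PROMPT_TAG: "true"}},
    {"name": "local-model", "version": "1", "source": "/srv/models/a", "tags": {}},
]

if __name__ == "__main__":
    for name, version, source in audit(SAMPLE):
        print(f"review: {name} v{version} source={source}")
```

Entries flagged on a server that ran a version below 3.10.0 are candidates for review alongside request logs; untagged entries are skipped because the advisory ties the validation bypass to the tag.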
