Unauthorized Access Vulnerability in MLflow by Databricks
CVE-2026-2651

Score 9 / CRITICAL

Key Information:

Vendor: MLflow
CVE Published: 25 May 2026

What is CVE-2026-2651?

A vulnerability in MLflow allows unauthorized users to access the multipart upload (MPU) endpoints when the server runs with --serve-artifacts enabled. The flawed authorization logic does not enforce resource-level permission checks for the /mlflow-artifacts/mpu/* endpoints, so an attacker can overwrite artifacts owned by other users. This is a data-integrity risk: it permits unauthorized cross-user writes and opens the door to model supply chain poisoning, where a tampered model executes arbitrary code when it is loaded. The vulnerability has been addressed in version 3.10.0.
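
The following is an added, illustrative model of the authorization gap described above, written for this page; it is not MLflow's code, and the route layout (/mlflow-artifacts/mpu/<operation>/<artifact path>), the ownership table and the permission names are assumptions. It contrasts an endpoint-only check, which lets any artifact writer target another user's artifact, with a resource-level check that also requires ownership of the targeted path.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed model of the authorization gap the advisory describes; illustrative
# code, not MLflow's own. Route layout, ownership table and permission names
# are assumptions.
MPU_PREFIX = "/mlflow-artifacts/mpu/"
ARTIFACT_OWNERS = {  # constructed ownership table: artifact path prefix -> owner
    "experiments/1/runs/run-a/artifacts": "alice",
    "experiments/2/runs/run-b/artifacts": "bob",
}

@dataclass(frozen=True)
class User:
    name: str
    can_write_artifacts: bool  # coarse, endpoint-level permission only

def artifact_path_from_mpu(route: str) -> str:
    """Return the artifact path targeted by an MPU route.
    Assumed layout: /mlflow-artifacts/mpu/<operation>/<artifact path>."""
    if not route.startswith(MPU_PREFIX):
        raise ValueError(f"not an MPU route: {route}")
    _operation, _, artifact_path = route[len(MPU_PREFIX):].partition("/")
    return artifact_path

def owner_of(artifact_path: str) -> Optional[str]:
    """Resolve the owner of an artifact path; None for unknown paths."""
    for prefix, owner in ARTIFACT_OWNERS.items():
        if artifact_path == prefix or artifact_path.startswith(prefix + "/"):
            return owner
    return None

def authorize_endpoint_only(user: User, route: str) -> bool:
    """Flawed pattern: only the endpoint-level permission is checked, so any
    user allowed to write artifacts at all can target another user's artifact."""
    return user.can_write_artifacts

def authorize_resource_level(user: User, route: str) -> bool:
    """Hardened pattern: endpoint permission plus ownership of the specific
    artifact; unknown paths are denied by default."""
    if not user.can_write_artifacts:
        return False
    owner = owner_of(artifact_path_from_mpu(route))
    return owner is not None and owner == user.name
```

The resource-level variant is the shape of check a reviewer should expect on every MPU operation (create, upload, complete, abort), not only on the initial create.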

Affected Version(s)

mlflow/mlflow < 3.10.0

CVSS V3.0

Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published
  • Vulnerability reserved