Authentication Bypass in mlflow/mlflow Product by Databricks

CVE-2026-2652

What is CVE-2026-2652?

CVE-2026-2652 is a security vulnerability found in the mlflow/mlflow product, specifically affecting versions 3.9.0 and earlier. Mlflow is an open-source platform designed for managing the machine learning lifecycle, including experimentation, reproducibility, and deployment. This vulnerability arises when the server is configured with authentication enabled (using the --app-name basic-auth option) and is served via uvicorn, an ASGI server. In this setup, certain FastAPI routes are left unprotected, allowing unauthorized users to bypass authentication completely. This flaw stems from how the permission middleware interacts with the different routing architectures of Flask and FastAPI. As a result, attackers can make unauthenticated requests to critical endpoints, leading to potential unauthorized actions and data exposure, all while the server assumes it is secure.

Potential impact of CVE-2026-2652

1. Unauthorized Job Management: Attackers can submit, read, and cancel jobs without proper authentication, which can disrupt workflow processes and lead to unauthorized execution of tasks within the application.

2. Data Manipulation: The vulnerability allows malicious actors to inject arbitrary data into ongoing experiments, potentially compromising the integrity of research outputs and analytical results from the mlflow platform.

3. Exposure of Sensitive Information: By accessing unprotected APIs, attackers can retrieve job results or other sensitive information, which could lead to data breaches and the leakage of proprietary or confidential project details.

References