Authentication Bypass in mlflow/mlflow Product by Databricks
CVE-2026-2652

8.6 HIGH

Key Information:

Vendor

Mlflow

CVE Published:
15 May 2026

What is CVE-2026-2652?

A vulnerability in mlflow/mlflow allows unauthenticated access to specific FastAPI routes even when the server is configured to require authentication. When the server runs with basic-auth enabled, the FastAPI permission middleware only enforces authentication on the /gateway/ routes; every other FastAPI route falls through without a credential check. This leaves critical endpoints exposed, including the Job API and the OpenTelemetry trace ingestion API. An unauthenticated attacker can submit jobs, retrieve job results, cancel running jobs, and inject forged trace data into experiments. The root cause is an inconsistency between the Flask and FastAPI authentication layers: the _find_fastapi_validator() function resolves a validator only for gateway paths and returns nothing for non-gateway paths, which the middleware treats as "no authentication required" rather than "deny". The vulnerability was fixed in version 3.10.0.
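The enforcement gap described above, reduced to its essentials as an added example. This is not MLflow's code: the route paths (/gateway/..., /jobs/submit, /otel/v1/traces, /health), the credential store and the function names are constructed for illustration, and the toy dispatcher stands in for the FastAPI middleware. It shows a prefix-keyed validator lookup that returns None for non-gateway routes, a middleware that treats None as "allow", and the hardened form where unknown routes default to authentication and only an explicit allowlist is public.

```python
"""Toy model of a prefix-only auth lookup (vulnerable) beside a default-deny lookup.

Added example, not MLflow's implementation. Paths, users and function names are
constructed for illustration only.
"""
import base64
import secrets
from typing import Callable, Dict, List, Optional

# Constructed credential store for the example (never do this in production).
USERS: Dict[str, str] = {"admin": "s3cret"}

Validator = Callable[[Optional[str]], bool]  # Authorization header -> allowed?


def basic_header(user: str, password: str) -> str:
    """Build an HTTP Basic Authorization header value."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def require_basic_auth(authorization: Optional[str]) -> bool:
    """Validate an HTTP Basic credential against USERS."""
    if not authorization or not authorization.startswith("Basic "):
        return False
    try:
        raw = base64.b64decode(authorization[len("Basic "):], validate=True).decode()
    except Exception:
        return False
    user, _, password = raw.partition(":")
    expected = USERS.get(user)
    # compare_digest avoids a timing side channel on the password check
    return expected is not None and secrets.compare_digest(expected, password)


GATEWAY_PREFIX = "/gateway/"


def find_validator_vulnerable(path: str) -> Optional[Validator]:
    """Prefix-only lookup: anything outside /gateway/ gets no validator."""
    if path.startswith(GATEWAY_PREFIX):
        return require_basic_auth
    return None  # Job API, trace ingestion, ... silently fall through


# Hardened lookup: explicit public allowlist, everything else requires auth.
PUBLIC_PATHS = frozenset({"/health", "/version"})


def find_validator_hardened(path: str) -> Optional[Validator]:
    """Default-deny lookup: only allowlisted paths skip authentication."""
    if path in PUBLIC_PATHS:
        return None
    return require_basic_auth


def dispatch(path: str, authorization: Optional[str],
             find_validator: Callable[[str], Optional[Validator]]) -> int:
    """Stand-in for the permission middleware: returns an HTTP status code.

    The bug is the `validator is None -> allow` rule combined with a lookup
    that returns None for routes it never considered.
    """
    validator = find_validator(path)
    if validator is None:
        return 200
    return 200 if validator(authorization) else 401


def unauthenticated_reachable(paths: List[str],
                              find_validator: Callable[[str], Optional[Validator]]) -> List[str]:
    """Check helper: which of `paths` answer 200 with no Authorization header."""
    return [p for p in paths if dispatch(p, None, find_validator) == 200]


if __name__ == "__main__":
    # Constructed probe list; real route names differ per MLflow version.
    probes = ["/gateway/completions", "/jobs/submit", "/otel/v1/traces", "/health"]
    print("vulnerable lookup, no auth ->", unauthenticated_reachable(probes, find_validator_vulnerable))
    print("hardened lookup, no auth   ->", unauthenticated_reachable(probes, find_validator_hardened))
    print("hardened lookup, with auth ->",
          dispatch("/jobs/submit", basic_header("admin", "s3cret"), find_validator_hardened))
```

The check worth keeping from this is `unauthenticated_reachable`: whenever a validator is resolved by path prefix, enumerate every registered route with no credentials and confirm that only the intended public paths return 200. Run against a real server, the same idea is a loop of unauthenticated requests over the route table, which is exactly how this class of gap is found.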

Affected Version(s)

mlflow/mlflow < 3.10.0

CVSS V3.0

Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Score:
8.6
Severity:
HIGH
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Confidentiality:
Low
Integrity:
High
Availability:
Low

Timeline

  • Vulnerability reserved

  • Vulnerability published: 15 May 2026