Authorization Flaw in MLflow Versions Allowing Unauthorized Model Version Enumeration
CVE-2026-2734

6.5 MEDIUM

Key Information:

Vendor

Mlflow

CVE Published:
21 May 2026

What is CVE-2026-2734?

In affected versions of MLflow, an authorization flaw exists in the SearchModelVersions REST API endpoint and the mlflowSearchModelVersions GraphQL query. When basic authentication is enabled, neither component enforces the per-model authorization checks that the rest of the registry relies on. As a result, any authenticated user can enumerate every model version across all registered models, bypassing the permission restrictions configured for individual models. The unchecked results expose sensitive information, including model names, version descriptions, source URIs, tags, and other metadata. The issue is most serious in multi-tenant deployments, where one tenant's users should not be able to learn what models other tenants have registered. The vulnerability has been addressed in version 3.10.0.

Affected Version(s)

mlflow/mlflow < 3.10.0

References

CVSS V3.0

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved
