XSS Vulnerability in MLflow Affects Data Management and Analysis
CVE-2026-33865

5.1MEDIUM

Key Information:

Vendor

Mlflow

Status
Mlflow
Vendor
CVE Published:
7 April 2026

Badges

👾 Exploit Exists

What is CVE-2026-33865?

MLflow is prone to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of YAML-based MLmodel artifacts in its web interface. This issue allows authenticated attackers to upload malicious MLmodel files containing payloads that execute when viewed by other users. Such exploitation could lead to session hijacking or unauthorized actions performed on behalf of the victim, posing significant risks to data integrity and user security.

Affected Version(s)

Mlflow 0 <= 3.10.1

References

https://github.com/mlflow/mlflow/pull/21435
patch
https://cert.pl/en/posts/2026/04/CVE-2026-33865/
third-party-advisory
https://afine.com/blogs/attacking-mlflow-how-ml-artifacts...
exploittechnical-description

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sławomir Zakrzewski (AFINE)
.