
Authentication Bypass in mlflow/mlflow (CVE-2026-2652)

8.6 / 10
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Description

mlflow/mlflow versions 3.9.0 and earlier allow unauthenticated access to certain FastAPI routes when the server is started with authentication enabled (`--app-name basic-auth`) and served through uvicorn (ASGI). The FastAPI permission middleware enforces authentication only on `/gateway/` routes; requests to other FastAPI-served routes, including the Job API (`/ajax-api/3.0/jobs/*`) and the OpenTelemetry trace ingestion API (`/v1/traces`), are passed through without any credential check. An unauthenticated remote attacker can therefore submit jobs, read job results, cancel running jobs, and inject arbitrary trace data into experiments. The root cause is an architectural mismatch between the Flask and FastAPI authentication mechanisms: `_find_fastapi_validator()` does not handle non-`/gateway/` paths, so no validator runs for those requests and authentication is bypassed completely on them. The issue is fixed in version 3.10.0; deployments that run the basic-auth app under uvicorn on an affected version should upgrade, since the bypass only matters where basic-auth was expected to cover every route.
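The following is an added illustration of the failure pattern the description names, not code from mlflow or from the advisory. It models a per-route validator lookup that knows only the `/gateway/` prefix and treats "no validator found" as "no authentication required", next to a default-deny variant that requires credentials for every route not on an explicit public allow-list. The names `find_validator_vulnerable`, `authorize_vulnerable`, `authorize_hardened`, `PUBLIC_PREFIXES`, the credential store and the sample requests are all hypothetical and constructed for this example; the real middleware has more moving parts (the Flask-side checks in particular), which this model leaves out.

```python
"""Added illustration of the prefix-only auth lookup described in the advisory.

Not mlflow code. A minimal, self-contained model of an ASGI permission layer
that resolves a validator by path prefix. In the flawed version an unmatched
path yields no validator and the request is allowed; the hardened version
denies by default. All names and data below are constructed for the demo.
"""
import base64
from typing import Callable, Dict, Optional, Tuple

# Constructed credential store for the demo (hypothetical, not real users).
_USERS = {"admin": "secret"}

Validator = Callable[[Dict[str, str]], bool]


def basic_header(user: str, password: str) -> Dict[str, str]:
    """Build an HTTP Basic Authorization header (helper for the demo)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"authorization": f"Basic {token}"}


def _basic_auth_ok(headers: Dict[str, str]) -> bool:
    """True if the request carries HTTP Basic credentials matching _USERS."""
    scheme, _, encoded = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic" or not encoded:
        return False
    try:
        user, _, password = base64.b64decode(encoded).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return False
    return _USERS.get(user) == password


def find_validator_vulnerable(path: str) -> Optional[Validator]:
    """Flawed lookup: only /gateway/ paths map to a validator, others -> None."""
    if path.startswith("/gateway/"):
        return _basic_auth_ok
    return None  # Job API, /v1/traces, ... fall through here


def authorize_vulnerable(path: str, headers: Dict[str, str]) -> int:
    """HTTP status the flawed middleware produces. A missing validator passes."""
    validator = find_validator_vulnerable(path)
    if validator is None:
        return 200  # the bug: unknown route is silently allowed
    return 200 if validator(headers) else 401


# Hypothetical allow-list of routes that legitimately need no credentials.
PUBLIC_PREFIXES: Tuple[str, ...] = ("/health",)


def authorize_hardened(path: str, headers: Dict[str, str]) -> int:
    """Default-deny: any route not explicitly public must present valid credentials."""
    if path.startswith(PUBLIC_PREFIXES):
        return 200
    validator = find_validator_vulnerable(path) or _basic_auth_ok
    return 200 if validator(headers) else 401


# Constructed sample paths: the advisory's route families plus a gateway route.
SAMPLE_PATHS = ("/gateway/foo", "/ajax-api/3.0/jobs/", "/v1/traces")


def compare(paths=SAMPLE_PATHS) -> Dict[str, Tuple[int, int]]:
    """Per path: (vulnerable_status, hardened_status) with no Authorization header."""
    return {p: (authorize_vulnerable(p, {}), authorize_hardened(p, {})) for p in paths}


if __name__ == "__main__":
    for path, (vuln, hard) in compare().items():
        print(f"{path:<22} vulnerable={vuln} hardened={hard}")
```

The point of the comparison is the default: a lookup that returns "nothing to check" must be treated by the caller as a denial, not as permission, otherwise every route the lookup does not know about is exposed the moment it is mounted on the authenticated app.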

AI Analysis

Unauthenticated access to certain FastAPI routes due to an architectural mismatch between Flask and FastAPI authentication mechanisms

Basic Information

ID CVE-2026-2652
Source @huntr_ai
Published May 15, 2026 at 02:13

Affected Product

Vendor mlflow
Product mlflow/mlflow
Affected Versions 3.9.0 and earlier (fixed in 3.10.0)

AI Assessment

AI Score 8.6 / 10
AI Severity High
