Missing Authorization Validation in mlflow/mlflow_CVE-2026-2651

9 / 10

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Description

A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforce resource-level permission checks for `/mlflow-artifacts/mpu/*` endpoints, enabling attackers to overwrite artifacts belonging to other users. This can lead to unauthorized cross-user writes, model supply chain poisoning, and arbitrary code execution when compromised models are loaded. The issue is resolved in version 3.10.0.

AI Analysis

Unauthenticated access to multipart upload endpoints due to missing authorization validation, potentially leading to model supply chain poisoning and arbitrary code execution.

Basic Information

ID CVE-2026-2651

Source @huntr_ai

Published May 25, 2026 at 06:00

Affected Product

Vendor mlflow

Product mlflow/mlflow

Version unspecified

Affected Versions mlflow mlflow/mlflow unspecified

CWE Classification

CWE-862

AI Assessment

AI Score 9 / 10

AI Severity Critical

Vendor MLflow

Product MLflow

Version <=3.10.1.dev0

References

{
    "lastseen": "",
    "description": "A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforce resource-level permission checks for `/mlflow-artifacts/mpu/*` endpoints, enabling attackers to overwrite artifacts belonging to other users. This can lead to unauthorized cross-user writes, model supply chain poisoning, and arbitrary code execution when compromised models are loaded. The issue is resolved in version 3.10.0.",
    "published": "2026-05-25T06:00:34.002Z",
    "modified": "2026-05-25T06:00:34.002Z",
    "type": "cve",
    "title": "Missing Authorization Validation in mlflow/mlflow",
    "source": "@huntr_ai",
    "references": "https://huntr.com/bounties/65beb119-d3e0-4e03-af2f-fa98f78f83dc\nhttps://github.com/mlflow/mlflow/commit/d7290811d8f3c95366d80109424edc1fb1ad966f",
    "id": "CVE-2026-2651",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "mlflow mlflow/mlflow unspecified",
    "sourceHref": "",
    "cvss": {
        "score": 9,
        "severity": "CRITICAL",
        "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
        "version": "3.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mlflow/mlflow",
    "version": "unspecified",
    "vendor": "mlflow",
    "ai_description": "Unauthenticated access to multipart upload endpoints due to missing authorization validation, potentially leading to model supply chain poisoning and arbitrary code execution.",
    "ai_severity": "Critical",
    "ai_vendor": "MLflow",
    "ai_product": "MLflow",
    "ai_version": "<=3.10.1.dev0",
    "ai_score": 9
}