lfprojects

Top products

The 15 most recently published vulnerabilities affecting lfprojects.

• CVE-2026-10803MLflow Dataset Digest Computation digest_utils.py mlflow.data.digest_utils weak hash3.6Jun 4, 2026
• CVE-2026-4035Environment Variable Resolution Vulnerability in mlflow/mlflow7.7Jun 3, 2026
• CVE-2026-3198Improper Access Control in mlflow/mlflow6.5Jun 2, 2026
• CVE-2026-2651Missing Authorization Validation in mlflow/mlflow9.0May 25, 2026
• CVE-2026-2734Authorization Bypass in SearchModelVersions in mlflow/mlflow6.5May 21, 2026
• CVE-2026-4137Incomplete Fix for CVE-2025-10279: Insecure Temporary Directory Permissions in mlflow/mlflow7.8May 18, 2026
• CVE-2026-2652Authentication Bypass in mlflow/mlflow8.6May 15, 2026
• CVE-2026-44428MCP Registry: GitHub OIDC tokens replayable across registry deployments due to shared audience4.7May 14, 2026
• CVE-2026-44429MCP Registry: Stored XSS in catalogue UI via attribute-quote breakout in publisher-controlled `websiteUrl`5.4May 14, 2026
• CVE-2026-44430MCP Registry: Unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlist4.0May 14, 2026
• CVE-2026-2614Arbitrary File Read via Prompt Tag Source Validation Bypass in mlflow/mlflow7.5May 11, 2026
• CVE-2026-2393Server-Side Request Forgery (SSRF) in mlflow/mlflow7.1May 11, 2026
• CVE-2026-40090Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write7.1Apr 14, 2026
• CVE-2026-35568MCP Java-SDK has a DNS Rebinding Vulnerability5.7Apr 7, 2026
• CVE-2026-33866Authorization Bypass in MLflow AJAX Endpoint4.3Apr 7, 2026