Mlflow/mlflow
This hub aggregates every CVE we track for Mlflow/mlflow, a product in the ai ml space. Use it to gauge the current risk picture and drill into individual advisories.
54
CVEs tracked
14
Critical
32
High
0
In CISA KEV
Severity distribution
HIGH32CRITICAL14MEDIUM7LOW1
Monthly trend
0
0
0
0
0
0
0
0
5
0
0
0
0
0
0
0
0
0
1
1
6
1
7
2
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Mlflow/mlflow.
- CVE-2026-4035Environment Variable Resolution Vulnerability in mlflow/mlflow7.7
- CVE-2026-3198Improper Access Control in mlflow/mlflow6.5
- CVE-2026-2651Missing Authorization Validation in mlflow/mlflow9.0
- CVE-2026-2734Authorization Bypass in SearchModelVersions in mlflow/mlflow6.5
- CVE-2026-2611Improper Origin Validation in mlflow/mlflow9.6
- CVE-2026-4137Incomplete Fix for CVE-2025-10279: Insecure Temporary Directory Permissions in mlflow/mlflow7.8
- CVE-2026-2652Authentication Bypass in mlflow/mlflow8.6
- CVE-2026-2614Arbitrary File Read via Prompt Tag Source Validation Bypass in mlflow/mlflow7.5
- CVE-2026-2393Server-Side Request Forgery (SSRF) in mlflow/mlflow7.1
- CVE-2026-0545Missing Authentication for Critical Function in mlflow/mlflow9.8
- CVE-2026-0596Command Injection in mlflow/mlflow7.8
- CVE-2025-15379Command Injection in mlflow/mlflow9.8
- CVE-2025-15036Path Traversal Vulnerability in mlflow/mlflow10.0
- CVE-2025-15381Unauthorized Access to Tracing and Assessment Endpoints in mlflow/mlflow7.1
- CVE-2025-15031Path Traversal Vulnerability in mlflow/mlflow9.1
Product normalization is registry-driven with AI assist and human review. How it works