MLflow Vulnerabilities

pip MLOps

AI Threat Alert tracks 74 known vulnerabilities, 18 of them rated critical, in MLflow, an AI/ML MLOps package in the pip ecosystem. Each CVE includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Risk Score: 81
Total CVEs: 74
Critical: 18
Ecosystem: pip
Last CVE: Jul 2, 2026
Patch Rate: 31%
Avg Time to Patch: 76d
26,749 stars 5,915 forks 2,012 issues 655 dependents Last push Jun 27, 2026
OpenSSF Scorecard 5.4/10

Known Vulnerabilities (74 total, page 1 of 3)

| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| UNKNOWN | CVE-2026-8147 | MLflow: auth bypass allows cross-experiment trace access | -- | Jul 2, 2026 |
| CRITICAL | CVE-2026-2651 | A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforce resource-level permission checks for `/mlflow-artifacts/mpu/*` endpoints, enabling attackers to overwrite artifacts belonging to other users. This can lead to unauthorized cross-user writes, model supply chain poisoning, and arbitrary code execution when compromised models are loaded. The issue is re | 9.0 | May 25, 2026 |
| LOW | CVE-2026-10803 | MLflow: weak dataset hash allows integrity bypass | 3.6 | Jun 4, 2026 |
| HIGH | CVE-2026-4035 | MLflow: AI Gateway leaks cloud credentials via env injection | 7.7 | Jun 3, 2026 |
| UNKNOWN | CVE-2026-3198 | MLflow: auth bypass exposes gateway secrets and keys | -- | Jun 2, 2026 |
| MEDIUM | CVE-2026-2734 | MLflow: missing authz exposes all model versions | 6.5 | May 21, 2026 |
| CRITICAL | CVE-2026-2611 | MLflow: cross-origin bypass enables RCE via AI agent | 9.6 | May 19, 2026 |
| HIGH | CVE-2026-4137 | MLflow: insecure tmp dir perms enable model artifact RCE | 7.0 | May 18, 2026 |
| HIGH | CVE-2026-2652 | MLflow: auth bypass exposes Job API and trace injection | 8.6 | May 15, 2026 |
| HIGH | CVE-2026-2614 | MLflow: path traversal allows unauthenticated file read | 7.5 | May 11, 2026 |
| HIGH | CVE-2026-2393 | MLflow: SSRF in webhook URL enables cloud credential theft | 7.1 | May 11, 2026 |
| HIGH | CVE-2026-44244 | GitPython: git config injection enables hook RCE | 7.8 | May 6, 2026 |
| MEDIUM | CVE-2026-33866 | MLflow: auth bypass exposes model artifacts across experiments | 4.3 | Apr 7, 2026 |
| MEDIUM | CVE-2026-33865 | MLflow: stored XSS via MLmodel YAML artifact upload | -- | Apr 7, 2026 |
| CRITICAL | CVE-2026-0545 | MLflow: auth bypass in job API enables unauthenticated RCE | 9.1 | Apr 3, 2026 |
| CRITICAL | CVE-2026-0596 | MLflow: command injection via model_uri in mlserver mode | 9.6 | Mar 31, 2026 |
| CRITICAL | CVE-2025-15379 | MLflow: RCE via unsanitized model dependency specs | 10.0 | Mar 30, 2026 |
| CRITICAL | CVE-2025-15036 | MLflow: path traversal enables sandbox escape, file overwrite | 9.6 | Mar 30, 2026 |
| HIGH | CVE-2025-15381 | MLflow: broken access control exposes experiment traces | 8.1 | Mar 27, 2026 |
| CRITICAL | CVE-2025-15031 | mlflow: Path Traversal enables file access | 9.1 | Mar 18, 2026 |
| HIGH | CVE-2025-14287 | mlflow: Code Injection enables RCE | 7.5 | Mar 16, 2026 |
| CRITICAL | CVE-2026-2635 | mlflow: security flaw enables exploitation | 9.8 | Feb 20, 2026 |
| HIGH | CVE-2026-2033 | mlflow: Path Traversal enables file access | 8.1 | Feb 20, 2026 |
| HIGH | CVE-2025-10279 | mlflow: security flaw enables exploitation | 7.0 | Feb 2, 2026 |
| HIGH | CVE-2025-14279 | mlflow: security flaw enables exploitation | 8.1 | Jan 12, 2026 |

Showing 1–25 of 74

Frequently asked questions

What is MLflow?

MLflow is an AI/ML MLOps package in the pip ecosystem that AI Threat Alert tracks for security vulnerabilities.

How many known vulnerabilities does MLflow have?

MLflow has 74 known CVEs, 18 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is MLflow distributed in?

MLflow is distributed via the pip ecosystem and categorized as mlops.

Where does the MLflow vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of MLflow?

Review each CVE below — every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.
