AI Threat Alert
MLflow Vulnerabilities
pip MLOps 81
Risk Score
68
Total CVEs
16
Critical
pip
Ecosystem
May 19, 2026
Last CVE
26%
Patch Rate
58d
Avg Time to Patch
25,968 stars
5,741 forks
2,088 issues
636 dependents
Last push May 17, 2026
View on GitHub
OpenSSF Scorecard 4.6/10
Known Vulnerabilities (68 total, page 1 of 3)
Severity CVE ID Summary CVSS Published
UNKNOWN CVE-2026-2611 MLflow: cross-origin bypass enables RCE via AI agent -- May 19, 2026 UNKNOWN CVE-2026-4137 MLflow: insecure tmp dir perms enable model artifact RCE -- May 18, 2026 UNKNOWN CVE-2026-2652 MLflow: auth bypass exposes Job API and trace injection -- May 15, 2026 HIGH CVE-2026-2614 MLflow: path traversal allows unauthenticated file read 7.5 May 11, 2026 HIGH CVE-2026-2393 MLflow: SSRF in webhook URL enables cloud credential theft 7.1 May 11, 2026 HIGH CVE-2026-44244 GitPython: git config injection enables hook RCE 7.8 May 6, 2026 MEDIUM CVE-2026-33866 MLflow: auth bypass exposes model artifacts across experiments -- Apr 7, 2026 MEDIUM CVE-2026-33865 MLflow: stored XSS via MLmodel YAML artifact upload -- Apr 7, 2026 CRITICAL CVE-2026-0545 MLflow: auth bypass in job API enables unauthenticated RCE 9.1 Apr 3, 2026 CRITICAL CVE-2026-0596 MLflow: command injection via model_uri in mlserver mode 9.6 Mar 31, 2026 CRITICAL CVE-2025-15379 MLflow: RCE via unsanitized model dependency specs 10.0 Mar 30, 2026 CRITICAL CVE-2025-15036 MLflow: path traversal enables sandbox escape, file overwrite 9.6 Mar 30, 2026 HIGH CVE-2025-15381 MLflow: broken access control exposes experiment traces 8.1 Mar 27, 2026 CRITICAL CVE-2025-15031 mlflow: Path Traversal enables file access 9.1 Mar 18, 2026 HIGH CVE-2025-14287 mlflow: Code Injection enables RCE 7.5 Mar 16, 2026 CRITICAL CVE-2026-2635 mlflow: security flaw enables exploitation 9.8 Feb 20, 2026 HIGH CVE-2026-2033 mlflow: Path Traversal enables file access 8.1 Feb 20, 2026 HIGH CVE-2025-10279 mlflow: security flaw enables exploitation 7.0 Feb 2, 2026 HIGH CVE-2025-14279 mlflow: security flaw enables exploitation 8.1 Jan 12, 2026 CRITICAL CVE-2025-11201 mlflow: Path Traversal enables file access 9.8 Oct 29, 2025 CRITICAL CVE-2025-11200 mlflow: security flaw enables exploitation 9.8 Oct 29, 2025 MEDIUM CVE-2025-52967 MLflow: unauthenticated SSRF in gateway proxy 5.8 Jun 23, 2025 MEDIUM CVE-2025-1474 MLflow: passwordless accounts enable persistent backdoor 5.5 Mar 20, 2025 HIGH CVE-2025-1473 MLflow: CSRF in signup allows rogue account creation 7.1 Mar 20, 2025 HIGH CVE-2025-0453 MLflow: GraphQL DoS disables ML tracking server 7.5 Mar 20, 2025 Showing 1–25 of 68
Monitor MLflow in your stack
Get instant alerts when new vulnerabilities affect MLflow. CISO analysis, ATLAS technique mappings, and compliance reports included.
Start Monitoring