CVE-2026-33866

EUVD-2026-19609
MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to access.

 
This issue affects MLflow version through 3.10.1
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Affected Products (NVD)
VendorProductVersion
lfprojectsmlflow
𝑥
≤ 3.10.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
https://cert.pl/en/posts/2026/04/CVE-2026-33865/
https://github.com/mlflow/mlflow/pull/21708