CVE-2026-2651
Missing Authorization Validation in mlflow/mlflow
Description
A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforce resource-level permission checks for `/mlflow-artifacts/mpu/*` endpoints, enabling attackers to overwrite artifacts belonging to other users. This can lead to unauthorized cross-user writes, model supply chain poisoning, and arbitrary code execution when compromised models are loaded. The issue is resolved in version 3.10.0.
How to fix CVE-2026-2651
To remediate CVE-2026-2651, upgrade the affected package to a fixed version below.
- —upgrade to 3.11.1 or later
Is CVE-2026-2651 being exploited?
No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2026-2651.
Affected packages (1)
- from 0, < 3.11.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.0 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |