CVE Catalog

CVE-2026-2651

CriticalCVSS 9.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

26th percentile — higher than 26% of all known CVEs

Summary

A vulnerability in MLflow versions up to 3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforce resource-level permission checks for `/mlflow-artifacts/mpu/*` endpoints, enabling attackers to overwrite artifacts belonging to other users.

Risk Assessment

The risk includes unauthorized cross-user writes, model supply chain poisoning, and arbitrary code execution when compromised models are loaded.

Recommendation

Immediately upgrade MLflow to version 3.10.0 or later. If upgrading is not possible, disable the `--serve-artifacts` mode or restrict access to MPU endpoints using a firewall.

Original NVD description (English source)

A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforce resource-level permission checks for `/mlflow-artifacts/mpu/*` endpoints, enabling attackers to overwrite artifacts belonging to other users. This can lead to unauthorized cross-user writes, model supply chain poisoning, and arbitrary code execution when compromised models are loaded. The issue is resolved in version 3.10.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS