Plattform
python
Komponente
mlflow
Behoben in
3.10.2
CVE-2026-0545 is a critical vulnerability affecting MLflow versions up to 3.10.1. It allows unauthenticated attackers to submit, read, search, and cancel jobs through unsecured FastAPI endpoints. If job execution is enabled and allowlisted functions are present, this can lead to remote code execution. A patch is available; upgrading is the recommended remediation.
This vulnerability presents a significant risk of remote code execution. An attacker can leverage the unsecured /ajax-api/3.0/jobs/* endpoints to submit arbitrary jobs, potentially triggering actions with elevated privileges. If the allowlisted job functions include shell execution or filesystem modifications, an attacker could gain complete control over the MLflow server and potentially the underlying system. The lack of authentication means any network client can exploit this, significantly broadening the attack surface. This vulnerability is particularly concerning given the increasing adoption of MLflow for machine learning workflows, which often involve sensitive data and critical infrastructure.
This vulnerability was publicly disclosed on 2026-04-03. There is currently no indication of active exploitation in the wild, but the ease of exploitation and the potential impact make it a high-priority concern. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept code is likely to emerge given the vulnerability's nature.
Organizations deploying MLflow in production environments, particularly those with job execution enabled and exposed to external networks, are at significant risk. Shared hosting environments where multiple users share the same MLflow instance are also particularly vulnerable, as an attacker could potentially compromise the entire environment.
• python / server:
import requests
import json
url = 'http://your-mlflow-server/ajax-api/3.0/jobs/'
try:
response = requests.get(url, timeout=5)
response.raise_for_status()
if response.status_code == 200:
print('Potential vulnerability: Unauthenticated access to job endpoints.')
else:
print('Endpoint access restricted (expected).')
except requests.exceptions.RequestException as e:
print(f'Error connecting to endpoint: {e}')• linux / server:
journalctl -u mlflow -f | grep -i "unauthorized access"• generic web:
curl -I http://your-mlflow-server/ajax-api/3.0/jobs/ | grep -i 'HTTP/1.1 200 OK'disclosure
Exploit-Status
EPSS
0.24% (47% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation is to upgrade MLflow to a version containing the fix. If immediate upgrading is not possible due to compatibility issues or breaking changes, consider disabling job execution (MLFLOWSERVERENABLEJOBEXECUTION=false) as a temporary workaround. Additionally, carefully review and restrict the allowlisted job functions to minimize the potential impact of any successful exploitation. Implementing a Web Application Firewall (WAF) with rules to block unauthorized access to the /ajax-api/3.0/jobs/* endpoints can provide an additional layer of defense. After upgrade, confirm by attempting to submit a job without authentication and verifying that access is denied.
Actualice a la última versión de MLflow. Asegúrese de que la ejecución de trabajos esté configurada correctamente con autenticación y autorización adecuadas. Si la ejecución de trabajos está habilitada, revise cuidadosamente las funciones permitidas para evitar la ejecución de código no autenticado.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2026-0545 is a critical vulnerability in MLflow versions up to 3.10.1 that allows unauthenticated attackers to execute code via unsecured job endpoints.
If you are running MLflow version 3.10.1 or earlier, and job execution is enabled, you are likely affected by this vulnerability.
Upgrade to a patched version of MLflow. If an upgrade is not immediately possible, disable job execution or restrict access to the vulnerable endpoints.
While no active exploitation campaigns have been confirmed, the ease of exploitation makes it a high-priority vulnerability.
Refer to the MLflow security advisories on the MLflow GitHub repository for the latest information and updates.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine requirements.txt-Datei hoch und wir sagen dir sofort, ob du betroffen bist.