Platform: python
Component: mlflow
Fixed in: 2.9.3
CVE-2024-1560 describes a path traversal vulnerability in the MLflow artifact deletion functionality. The flaw allows attackers to bypass path validation and delete arbitrary directories on the server's filesystem. It affects MLflow versions up to 2.9.2 and is caused by an extra URL-decoding (unquote) step during path sanitization, so the path that is checked is not the path that is ultimately used. A fix is available in 2.9.3.
Successful exploitation of CVE-2024-1560 could have severe consequences, including complete data loss and system compromise. An attacker could delete critical MLflow artifacts, model files, or even core system directories, disrupting machine learning workflows and potentially causing a denial of service. The blast radius extends to any environment that uses MLflow for model tracking and deployment, particularly those with inadequate access controls. The vulnerability follows the familiar path traversal pattern in which insufficient sanitization of user-supplied input allows traversal outside the intended directory.
CVE-2024-1560 was publicly disclosed on April 16, 2024. There is no indication of this vulnerability being actively exploited in the wild at this time. The EPSS score is pending evaluation. Public proof-of-concept exploits are currently available, increasing the risk of exploitation if the vulnerability remains unpatched.
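The following is an added illustration, not MLflow's own code and not taken from the advisory: it models the "decode twice" pattern the description refers to. The function names, the artifact root and the sample inputs are assumptions chosen for the example. `validate_once` decodes a request path one time and rejects `..` segments; `resolve_vulnerable` then decodes the already-validated value a second time before using it, which is exactly where a check can be undone, while `resolve_hardened` decodes once, uses that exact value, and additionally confines the resolved path to the artifact root.

```python
"""Constructed illustration of the decode-twice pattern (not MLflow's code).

All names and values here are assumptions for the example.
"""
import posixpath
from pathlib import PurePosixPath
from urllib.parse import unquote


def validate_once(user_path: str) -> str:
    """Percent-decode the request path exactly once; reject absolute paths
    and any '..' segment. Returns the decoded path that passed the check."""
    decoded = unquote(user_path)
    if decoded.startswith("/") or ".." in PurePosixPath(decoded).parts:
        raise ValueError(f"unsafe artifact path: {user_path!r}")
    return decoded


def resolve_vulnerable(artifact_root: str, user_path: str) -> str:
    """The bug pattern: validated once, then decoded *again* before use.

    A doubly percent-encoded '..' survives validate_once() as the literal
    segment '%2e%2e'; only the second unquote turns it into '..'.
    """
    checked = validate_once(user_path)
    used = unquote(checked)  # extra decode: the value used != the value checked
    return posixpath.normpath(posixpath.join(artifact_root, used))


def resolve_hardened(artifact_root: str, user_path: str) -> str:
    """Decode once, use that exact value, and confine the result to the root.

    The containment check is defence in depth: even if validation is
    weakened later, nothing outside the artifact root is ever returned.
    """
    checked = validate_once(user_path)
    root = posixpath.normpath(artifact_root)
    target = posixpath.normpath(posixpath.join(root, checked))
    if not is_inside(root, target):
        raise ValueError(f"resolved outside artifact root: {target}")
    return target


def is_inside(artifact_root: str, target: str) -> bool:
    """True if target is the root itself or a descendant of it."""
    root = posixpath.normpath(artifact_root)
    return target == root or target.startswith(root + "/")


def hardened_accepts(artifact_root: str, user_path: str) -> bool:
    """Convenience wrapper: does the hardened resolver accept this input?"""
    try:
        resolve_hardened(artifact_root, user_path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    ROOT = "/srv/mlruns/artifacts"                 # constructed artifact root
    benign = "models/run1/model.pkl"               # constructed sample input
    double_encoded = "%252e%252e/%252e%252e/etc"   # constructed sample input

    print("vulnerable, benign   :", resolve_vulnerable(ROOT, benign))
    print("hardened,   benign   :", resolve_hardened(ROOT, benign))
    # The decode-twice resolver escapes the root; the hardened one keeps the
    # literal '%2e%2e' directory name and stays inside it.
    print("vulnerable, encoded  :", resolve_vulnerable(ROOT, double_encoded))
    print("hardened,   encoded  :", resolve_hardened(ROOT, double_encoded))
```

The key design point is that whatever value is validated must be the value that reaches the filesystem call; any transformation applied after validation (a second decode, a join with a user-controlled prefix, a symlink resolution) has to be repeated inside the check, or the check moved after it.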
Exploit Status
EPSS: 0.11% (29th percentile)
CVSS Vector
The primary mitigation for CVE-2024-1560 is to upgrade to a patched version of MLflow. Review MLflow's release notes for the latest version containing the fix. If upgrading is not immediately feasible, tighten access controls so that fewer users can delete artifacts. Implement a Web Application Firewall (WAF) with rules to block requests containing suspicious path traversal patterns (e.g., '../', including its percent-encoded forms). Monitor MLflow logs for unusual file deletion activity. After upgrading, confirm the fix by attempting to delete a file outside the intended artifact directory and verifying that the operation fails with an appropriate error.
Update the mlflow library to a version later than 2.9.2 (2.9.3 or newer). This resolves the path traversal vulnerability. You can update using `pip install mlflow --upgrade`.
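For the log-monitoring and WAF advice above, the following is an added example (not from the advisory and not MLflow's logging format) of why a literal `'../'` rule is not enough on its own: the check decodes each request path until it stops changing, then looks for a `..` segment, so multiply encoded input is judged in its final form. The access-log layout, the request paths and every sample line are constructed for the example.

```python
"""Constructed example: flagging request paths that decode to a '..' segment.

Not MLflow's code or log format; all sample lines below are made up.
"""
import re
from urllib.parse import unquote

# A '..' that forms a whole path segment (not 'a..b' or '...').
TRAVERSAL_SEGMENT = re.compile(r"(^|/)\.\.(/|$)")

# Constructed access-log layout: "<ts> <src> \"<METHOD> <path> HTTP/x.y\" <status>"
LOG_LINE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})$'
)


def fully_decode(value: str, max_rounds: int = 5) -> str:
    """Percent-decode until the value stops changing (bounded), so the
    detector sees the same string a server would after repeated decoding."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    return value


def naive_rule(raw_path: str) -> bool:
    """Literal '../' match, i.e. the rule as the advisory phrases it."""
    return "../" in raw_path


def traversal_after_decoding(raw_path: str) -> bool:
    """True if the path contains a '..' segment once fully decoded."""
    decoded = fully_decode(raw_path).replace("\\", "/")
    return bool(TRAVERSAL_SEGMENT.search(decoded))


def flag_suspicious(lines):
    """Return (ts, src, method, path, reason) for each line whose path
    decodes to a traversal. reason is 'literal' if the naive rule would
    also have caught it, 'encoded' if only the decoding check does."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the monitor
        path = m.group("path")
        if traversal_after_decoding(path):
            reason = "literal" if naive_rule(path) else "encoded"
            hits.append((m.group("ts"), m.group("src"), m.group("method"), path, reason))
    return hits


# Constructed sample log; paths are illustrative, not real MLflow endpoints.
SAMPLE_LOG = [
    '2024-04-17T10:01:02Z 10.0.0.5 "GET /artifacts/models/run1/model.pkl HTTP/1.1" 200',
    '2024-04-17T10:01:09Z 10.0.0.9 "DELETE /artifacts/../../config HTTP/1.1" 400',
    '2024-04-17T10:01:15Z 10.0.0.9 "DELETE /artifacts/%252e%252e/%252e%252e/config HTTP/1.1" 200',
    '2024-04-17T10:02:00Z 10.0.0.5 "DELETE /artifacts/models/run1 HTTP/1.1" 200',
    '2024-04-17T10:02:30Z 10.0.0.9 "GET /artifacts/models/%2e%2e/run2 HTTP/1.1" 200',
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for hit in flag_suspicious(SAMPLE_LOG):
        print(hit)
```

Of the three flagged lines, only the second is caught by the literal rule; the other two are only visible after decoding. Note also the status codes in the constructed sample: a deletion that returns 200 for a decoded-traversal path is a stronger signal than one the server already rejected with 400.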
CVE-2024-1560 is a Path Traversal vulnerability in MLflow versions up to 2.9.2, allowing attackers to delete arbitrary files on the server.
You are affected if you are using MLflow version 2.9.2 or earlier. Check your MLflow version and upgrade if necessary.
Upgrade to a patched version of MLflow. Consult the official MLflow release notes for the latest version with the fix.
There is currently no confirmed evidence of active exploitation, but public proof-of-concept exploits are available.
Refer to the MLflow GitHub security advisory: https://github.com/mlflow/mlflow/security/advisories/GHSA-9894-3937-3947