Platform
python
Component
mlflow
Fixed in
3.10.2
CVE-2026-0545 is a critical vulnerability affecting MLflow versions up to 3.10.1. It allows unauthenticated attackers to submit, read, search, and cancel jobs through unsecured FastAPI endpoints. If job execution is enabled and allowlisted functions are present, this can lead to remote code execution. A patch is available; upgrading is the recommended remediation.
This vulnerability poses a significant risk because it allows attackers to execute arbitrary code on the MLflow server without authentication. An attacker could submit malicious jobs that perform actions such as shell execution or filesystem changes, potentially compromising the entire system. The lack of authentication means any network client can exploit this, significantly expanding the attack surface. Successful exploitation could lead to data breaches, system takeover, and denial of service. The impact is amplified if the MLflow server is integrated with other critical systems or data stores.
This vulnerability was publicly disclosed on 2026-04-03. The CVSS score of 9.1 indicates a critical severity. Public proof-of-concept exploits are likely to emerge given the ease of exploitation. While no active exploitation campaigns have been confirmed, the lack of authentication and the potential for remote code execution make this a high-priority vulnerability. It is not currently listed on CISA KEV.
Exploit Status
EPSS
0.24% (47% percentile)
CISA SSVC
CVSS Vector
The primary mitigation is to upgrade MLflow to a version that addresses this vulnerability. If an immediate upgrade is not possible, consider disabling job execution (MLFLOWSERVERENABLEJOBEXECUTION=false) as a temporary workaround. Additionally, carefully review and restrict the allowlisted job functions to minimize the potential impact of any exploited jobs. Implement a Web Application Firewall (WAF) with rules to block unauthorized access to the /ajax-api/3.0/jobs/* endpoints. Regularly monitor MLflow logs for suspicious activity.
Update to the latest version of MLflow. Ensure that job execution is configured correctly with appropriate authentication and authorization. If job execution is enabled, carefully review the allowlisted functions to prevent unauthenticated code execution.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-0545 is a critical vulnerability in MLflow versions up to 3.10.1 that allows unauthenticated attackers to execute code via unsecured job endpoints.
If you are running MLflow version 3.10.1 or earlier, and job execution is enabled, you are likely affected by this vulnerability.
Upgrade to a patched version of MLflow. If an upgrade is not immediately possible, disable job execution or restrict access to the vulnerable endpoints.
While no active exploitation campaigns have been confirmed, the ease of exploitation makes it a high-priority vulnerability.
Refer to the MLflow security advisories on the MLflow GitHub repository for the latest information and updates.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.