Platform
python
Component
mlflow
Fixed in
3.11.0
3.11.1
CVE-2026-33865 describes a Stored Cross-Site Scripting (XSS) vulnerability affecting MLflow, a machine learning lifecycle management platform. This vulnerability allows an authenticated attacker to inject malicious scripts through specially crafted MLmodel artifacts. The vulnerability impacts versions of MLflow from 0.0.0 through 3.10.1. A fix is available in version 3.11.0.
The XSS vulnerability arises from MLflow's unsafe parsing of YAML-based MLmodel artifacts within its web interface. An attacker can exploit this by crafting a malicious MLmodel file containing a JavaScript payload. When another authenticated user views this artifact in the MLflow UI, the payload executes within their browser context. This allows the attacker to perform actions on behalf of the victim, including stealing session cookies (session hijacking) and potentially executing arbitrary JavaScript code to manipulate the UI or access sensitive data. The blast radius is limited to authenticated users who view the malicious artifact, but the potential for session hijacking makes this a significant security concern.
CVE-2026-33865 was publicly disclosed on 2026-04-07. There are currently no known public proof-of-concept exploits available. The vulnerability is not listed on the CISA KEV catalog as of this writing. The likelihood of exploitation is considered low to medium, depending on the prevalence of vulnerable MLflow deployments and the attacker's motivation.
Exploit Status
EPSS
0.06% (18% percentile)
CISA SSVC
The primary mitigation for CVE-2026-33865 is to upgrade MLflow to version 3.11.0 or later, which includes a fix for the unsafe YAML parsing. If upgrading immediately is not feasible, consider implementing input validation on MLmodel artifacts before they are processed by MLflow. While not a complete solution, this can reduce the risk of malicious payloads being ingested. Review MLflow's documentation for best practices on secure artifact handling. After upgrading, confirm the fix by attempting to upload a test MLmodel artifact containing a simple JavaScript payload and verifying that it does not execute when viewed in the UI.
Update MLflow to version 3.11.0 or higher to mitigate the XSS vulnerability. This update corrects the way YAML-based MLmodel artifacts are parsed, preventing the execution of malicious scripts in the web interface.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-33865 is a Stored Cross-Site Scripting (XSS) vulnerability in MLflow versions up to 3.10.1, allowing attackers to inject malicious scripts through MLmodel artifacts.
If you are using MLflow versions 0.0.0 through 3.10.1, you are potentially affected by this vulnerability. Upgrade to 3.11.0 or later to mitigate the risk.
Upgrade MLflow to version 3.11.0 or later. Consider implementing input validation on MLmodel artifacts as a temporary workaround.
As of now, there are no confirmed reports of active exploitation, but the vulnerability is publicly known and could be targeted.
Refer to the MLflow security advisories and release notes on the official MLflow website or GitHub repository for the latest information.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.