Platform
python
Component
mlflow
Fixed in
3.11.0
3.10.2
3.11.0rc0
CVE-2026-33866 describes an authorization bypass vulnerability in MLflow, a platform for managing the machine learning lifecycle. This flaw allows unauthorized users to directly query and retrieve saved model artifacts, bypassing access controls. The vulnerability affects MLflow versions from 0.0.0 through 3.10.1, and a fix is available in version 3.11.0.
An attacker exploiting this vulnerability can gain unauthorized access to sensitive model artifacts stored within MLflow. This could include trained models, evaluation metrics, and other data crucial to the machine learning process. Successful exploitation could lead to data exfiltration, model manipulation, or even the deployment of malicious models. The blast radius extends to any environment utilizing MLflow for model management, potentially impacting the integrity and reliability of machine learning applications.
This vulnerability was publicly disclosed on 2026-04-07. Currently, there are no known public proof-of-concept exploits. The vulnerability is not listed on CISA KEV as of this writing. Given the nature of the bypass, it's likely to be a target for opportunistic attackers.
Exploit Status
EPSS
0.03% (10% percentile)
CISA SSVC
The primary mitigation for CVE-2026-33866 is to upgrade MLflow to version 3.11.0 or later, which includes the necessary access control validation. If upgrading is not immediately feasible, consider implementing stricter access controls at the underlying storage layer where MLflow artifacts are stored. While not a complete solution, this can provide an additional layer of defense. Review and audit existing MLflow configurations to ensure that access permissions are appropriately restricted.
Update MLflow to version 3.11.0 or higher to mitigate the authorization bypass vulnerability. This update implements the necessary access validation to protect model artifacts from unauthorized access.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-33866 is a vulnerability in MLflow versions 0.0.0–3.10.1 that allows unauthorized users to retrieve model artifacts bypassing access controls.
If you are using MLflow versions 0.0.0 through 3.10.1, you are potentially affected by this vulnerability.
Upgrade MLflow to version 3.11.0 or later to resolve the authorization bypass vulnerability. Consider implementing stricter access controls at the storage layer as an interim measure.
As of now, there are no confirmed reports of active exploitation, but the vulnerability is considered a potential target.
Refer to the MLflow security advisories and release notes for the latest information and updates regarding CVE-2026-33866.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.