CVE-2026-2614: Arbitrary File Access in MLflow

An attacker exploiting this vulnerability can gain unauthorized access to sensitive files stored on the MLflow server. This could include configuration files, credentials, or even source code. The ability to read arbitrary files represents a significant data breach risk. While the vulnerability requires an unauthenticated attacker, the ease of exploitation makes it a high-priority concern. Successful exploitation could lead to the exposure of proprietary algorithms, training data, or other confidential information crucial to machine learning workflows. This vulnerability shares similarities with other file access bypasses where insufficient validation of user-supplied paths leads to unintended file disclosure.

1. प्रकाशित2026-05-11
2. संशोधित2026-05-12
3. EPSS अद्यतन2026-05-13

The primary mitigation for CVE-2026-2614 is to upgrade MLflow to version 3.10.0 or later, which contains the fix. If upgrading immediately is not feasible, consider implementing a temporary workaround by restricting access to the createmodelversion() handler. This can be achieved through network segmentation or access control lists (ACLs) to limit access to authorized users only. Additionally, monitor MLflow server logs for any suspicious activity related to file access requests, particularly those involving the mlflow.prompt.isprompt tag. After upgrading, confirm the fix by attempting to create a model version with a malicious mlflow.prompt.is_prompt tag and verifying that the server denies the request and does not serve arbitrary files.