← back
CVE-2026-33866

Authorization Bypass in MLflow AJAX Endpoint

CVSS 5.3 MEDIUMEPSS 0.4%CWE-862
MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to access. This issue affects MLflow version through 3.10.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
Mlflow · Mlflow
public PoCs found1
cve_referenceafine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectorsunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectorshttps://cert.pl/en/posts/2026/04/CVE-2026-33865/https://github.com/mlflow/mlflow/pull/21708