CVE-2026-33866
CVE-2026-33866 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Because the endpoint performs no access-control validation, a user without permissions on a given experiment can query it directly and retrieve model artifacts they are not authorized to access. This issue affects MLflow versions through 3.10.1. EPSS estimates a 0.36% chance of exploitation in the next 30 days.
Description
MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Because the endpoint performs no access-control validation, a user without permissions on a given experiment can query it directly and retrieve model artifacts they are not authorized to access. This issue affects MLflow versions through 3.10.1.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Lfprojects | Mlflow | <= 3.10.1 |
References
- https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors (Exploit, Third Party Advisory)
- https://cert.pl/en/posts/2026/04/CVE-2026-33865/ (Third Party Advisory)
- https://github.com/mlflow/mlflow/pull/21708 (Issue Tracking, Patch)
Timeline
- Published
- Last Modified
- Status
- Analyzed
Source: NVD / NIST
