PyPI: mlflow
CVE-2026-33866
Safety vulnerability ID: SFTY-20260407-09322
MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to access. This issue affects MLflow version through 3.10.1
Overview
MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint
Advisory
MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint
How to Fix
We recommend updating mlflow to the latest non-vulnerable version.
Mitigation and Workarounds
---
Vulnerable Functions
Functions linked to known vulnerabilities.
References
- https://getsafety.com/vulnerabilities/SFTY-20260407-09322/CVE-2026-33866
- https://nvd.nist.gov/vuln/detail/CVE-2026-33866
- https://github.com/mlflow/mlflow/pull/21708
- https://cert.pl/en/posts/2026/04/CVE-2026-33865
- https://github.com/mlflow/mlflow/commit/005b959cacda05d1423356cfcbd9ebeda8ff96a7
- https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
- https://github.com/advisories/GHSA-46r5-x6jq-v8g6
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
Learn more