PyPI: mlflow
CVE-2026-2652
Safety vulnerability ID: SFTY-20260515-96927
Safety legacy ID: pyup.io-98855
Affected versions of the mlflow package are vulnerable to Authentication Bypass due to incomplete enforcement of authentication middleware on non-gateway routes when the server is run with --app-name basic-auth under uvicorn. The FastAPI permission middleware applies authentication only to /gateway/ paths, while the _find_fastapi_validator() function fails to handle other endpoints such as /ajax-api/3.0/jobs/ and /v1/traces, leaving them unprotected. An unauthenticated remote attacker can submit and cancel jobs, read job results, and inject arbitrary trace data into experiments by sending requests directly to these endpoints.
Overview
MLflow: unauthenticated access to certain FastAPI routes
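The flaw class the advisory describes, an authorization layer whose validator lookup only matches /gateway/ paths so every other route passes through unauthenticated, as an added illustrative example written for this page (a constructed stand-in, not mlflow's own code). It places the fail-open check beside a fail-closed one and adds a route-coverage check; `find_validator`, `PUBLIC_PATHS` and the request dictionaries are assumptions.

```python
from typing import Callable, List, Optional

Validator = Callable[[dict], bool]

# Hypothetical validator lookup: only gateway paths have an auth rule, mirroring the
# gap the advisory describes for routes such as /ajax-api/3.0/jobs/ and /v1/traces.
def find_validator(path: str) -> Optional[Validator]:
    if path.startswith("/gateway/"):
        return lambda req: req.get("user") is not None
    return None  # no rule registered for any other route

def authorize_fail_open(request: dict) -> bool:
    """Vulnerable pattern: a path with no validator is waved through unauthenticated."""
    validator = find_validator(request["path"])
    return True if validator is None else validator(request)

PUBLIC_PATHS = {"/health", "/version"}  # constructed allowlist of anonymous routes

def authorize_fail_closed(request: dict) -> bool:
    """Hardened pattern: every non-public path needs a login, and a route with no
    permission rule is denied instead of silently passing."""
    path = request["path"]
    if path in PUBLIC_PATHS:
        return True
    if request.get("user") is None:
        return False
    validator = find_validator(path)
    return False if validator is None else validator(request)

def uncovered_routes(routes: List[str]) -> List[str]:
    """Coverage check over the route table: non-public routes lacking a validator.
    Running it at startup or in CI surfaces the gap before anyone else does."""
    return [r for r in routes if r not in PUBLIC_PATHS and find_validator(r) is None]

if __name__ == "__main__":
    anon = {"path": "/ajax-api/3.0/jobs/", "user": None}  # constructed request
    print("fail-open  :", authorize_fail_open(anon))    # True (the bug)
    print("fail-closed:", authorize_fail_closed(anon))  # False
    print("uncovered  :", uncovered_routes(
        ["/gateway/chat", "/ajax-api/3.0/jobs/", "/v1/traces", "/health"]))
```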
References
- https://getsafety.com/vulnerabilities/SFTY-20260515-96927/CVE-2026-2652
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2652
- https://github.com/advisories/GHSA-75CM-X2W3-8MGF
- https://nvd.nist.gov/vuln/detail/CVE-2026-2652
- https://github.com/mlflow/mlflow/commit/bb62e773263c14e9ba4d1a82fe72d0de2442c6aa
- https://huntr.com/bounties/5aeff5f0-49c7-4180-b5cb-c9a046f16756
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.