Package impact
PyPI / mlflow
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-2652 | high | 8.6 | 8.6 | 20d ago | MLflow: unauthenticated access to certain FastAPI routes | |||
| CVE-2026-4137 | high | 7.8 | 7.8 | 17d ago | In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` creates temporary directories with world-writable permissions (0o777), and the `_… | |||
| CVE-2026-2614 | high | 7.5 | 7.5 | 24d ago | MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem | |||
| CVE-2026-2393 | high | 7.1 | 7.1 | 24d ago | MLflow Has a Server-Side Request Forgery (SSRF) Vulnerability | |||
| CVE-2025-15381 | high | 7.1 | 7.1 | 2mo ago | MLFlow allows Tracing + Assessments Access |