CVE-2026-2651
CriticalCVSS 9.0Exploitation Probability (EPSS)
Low risk26th percentile — higher than 26% of all known CVEs
Summary
A vulnerability in MLflow versions up to 3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforce resource-level permission checks for `/mlflow-artifacts/mpu/*` endpoints, enabling attackers to overwrite artifacts belonging to other users.
Risk Assessment
The risk includes unauthorized cross-user writes, model supply chain poisoning, and arbitrary code execution when compromised models are loaded.
Recommendation
Immediately upgrade MLflow to version 3.10.0 or later. If upgrading is not possible, disable the `--serve-artifacts` mode or restrict access to MPU endpoints using a firewall.
Original NVD description (English source)
A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforce resource-level permission checks for `/mlflow-artifacts/mpu/*` endpoints, enabling attackers to overwrite artifacts belonging to other users. This can lead to unauthorized cross-user writes, model supply chain poisoning, and arbitrary code execution when compromised models are loaded. The issue is resolved in version 3.10.0.

