CVE-2026-0545
Authentication Bypass in MLflow FastAPI Jobs Enables RCE
Publication date: 2026-04-03
Last updated on: 2026-04-21
Assigner: huntr.dev
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lfprojects | mlflow | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the mlflow/mlflow project where the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization when the `basic-auth` app is enabled.
If job execution is enabled and any job function is allowlisted, any network client can submit, read, search, and cancel jobs without providing credentials, effectively bypassing the basic authentication.
This can lead to unauthenticated remote code execution if the allowed jobs perform privileged actions such as shell execution or filesystem changes. Even if the jobs are safe, this still represents an authentication bypass that can result in job spam, denial of service, or exposure of data in job results.
How can this vulnerability impact me?
This vulnerability can have several serious impacts:
- Unauthenticated remote code execution if allowed jobs perform privileged actions.
- Bypassing authentication, allowing any network client to submit, read, search, and cancel jobs.
- Potential job spam which could overwhelm the system.
- Denial of Service (DoS) due to abuse of job execution.
- Exposure of sensitive data in job results.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability:
- Ensure that the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are covered by the same authentication and authorization checks as the rest of the server when the `basic-auth` app is enabled.
- Disable job execution by setting `MLFLOW_SERVER_ENABLE_JOB_EXECUTION=false` if job execution is not required.
- Review and restrict the allowlisted job functions so that none of them performs privileged actions such as shell execution or filesystem changes.
- Apply any available patches or updates from the mlflow repository that address this authentication bypass.
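A defender's verification of the mitigation steps above, as an added example that is not part of this advisory or MLflow's own code: it sends unauthenticated GET requests to job endpoint paths on a server you administer and reports whether any of them still answers without credentials, and it reads the `MLFLOW_SERVER_ENABLE_JOB_EXECUTION` setting. The sub-paths under `/ajax-api/3.0/jobs/` are placeholders (the advisory names only the prefix), the `fetch` parameter is injectable so the logic can be exercised offline, and the default value MLflow applies when the variable is unset is deliberately not assumed.

```python
"""Added example (not MLflow's code): verify that MLflow job endpoints reject
unauthenticated requests after applying the mitigations for CVE-2026-0545."""
import os
import sys
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Mapping, Optional

JOB_PREFIX = "/ajax-api/3.0/jobs"
# Placeholder sub-paths: the advisory names only the prefix, so adjust these
# to the routes your MLflow version actually mounts.
CANDIDATE_PATHS = [JOB_PREFIX + "/search", JOB_PREFIX + "/PLACEHOLDER_JOB_ID"]


def http_status(url: str, timeout: float = 5.0) -> int:
    """GET `url` without credentials and return the HTTP status code."""
    req = urllib.request.Request(url, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 401/403/404 are raised as HTTPError by urllib


def classify(status: int) -> str:
    """Map a status code to an audit verdict for an unauthenticated request."""
    if status in (401, 403):
        return "protected"
    if status == 404:
        return "absent"  # route not mounted (e.g. job execution disabled) or wrong path
    if 200 <= status < 300:
        return "unauthenticated_access"  # the bypass described in the advisory
    return "inconclusive"


def audit_endpoints(base_url: str, paths: List[str] = CANDIDATE_PATHS,
                    fetch: Callable[[str], int] = http_status) -> Dict[str, str]:
    """Probe each path without credentials; `fetch` is injectable for offline tests."""
    base = base_url.rstrip("/")
    return {path: classify(fetch(base + path)) for path in paths}


def job_execution_setting(env: Mapping[str, str] = os.environ) -> Optional[bool]:
    """Parse MLFLOW_SERVER_ENABLE_JOB_EXECUTION; None means unset (the
    version-specific default applies and is not assumed here)."""
    raw = env.get("MLFLOW_SERVER_ENABLE_JOB_EXECUTION")
    if raw is None:
        return None
    return raw.strip().lower() in ("1", "true", "yes", "on")


def findings(results: Dict[str, str], job_exec: Optional[bool]) -> List[str]:
    """Turn audit results into actionable lines; an empty list means nothing to fix."""
    out: List[str] = []
    for path, verdict in results.items():
        if verdict == "unauthenticated_access":
            out.append(f"{path}: answers without credentials, CVE-2026-0545 mitigation not effective")
        elif verdict == "inconclusive":
            out.append(f"{path}: unexpected status, inspect manually")
    if job_exec is True:
        out.append("job execution enabled: confirm the allowlist contains no privileged job functions")
    elif job_exec is None:
        out.append("MLFLOW_SERVER_ENABLE_JOB_EXECUTION unset: check your MLflow version's default")
    return out


if __name__ == "__main__":
    # Usage: python check_jobs_auth.py http://your-mlflow-host:5000
    target = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:5000"
    for line in findings(audit_endpoints(target), job_execution_setting()):
        print(line)
```

A 404 on every candidate path is expected once job execution is disabled or if the placeholder paths do not match your version's routes, so treat "absent" as a prompt to confirm the real route list rather than as proof of protection; only 401/403 on a mounted route shows the endpoint is behind the `basic-auth` app.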
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows unauthenticated access to job endpoints, bypassing authentication and authorization controls. Such unauthorized access can lead to data exposure in job results and potential denial of service, which may violate data protection and security requirements mandated by standards like GDPR and HIPAA.
Specifically, the lack of proper authentication could result in unauthorized disclosure of sensitive information or manipulation of job executions, undermining confidentiality and integrity principles essential for compliance with these regulations.