CVE-2026-2651
Unauthorized Artifact Overwrite in MLflow
Publication date: 2026-05-25
Last updated on: 2026-05-26
Assigner: huntr.dev
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mlflow | mlflow | to 3.10.0 (inc) |
| mlflow | mlflow | to 3.10.1.dev0 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows unauthorized access and modification of artifacts belonging to other users, which can lead to unauthorized cross-user writes, model supply chain poisoning, and arbitrary code execution. Such unauthorized access and data manipulation can potentially violate data protection and security requirements mandated by common standards and regulations like GDPR and HIPAA, which require strict access controls and data integrity safeguards.
Specifically, the lack of resource-level permission checks could result in unauthorized disclosure or alteration of sensitive data or models, undermining confidentiality, integrity, and availability principles critical to compliance frameworks.
Can you explain this vulnerability to me?
This vulnerability exists in MLflow versions up to 3.10.1.dev0 when the `--serve-artifacts` mode is enabled. The authorization logic does not properly enforce resource-level permission checks for the `/mlflow-artifacts/mpu/*` endpoints, which allows unauthorized access to the multipart upload (MPU) endpoints.
As a result, attackers can overwrite artifacts that belong to other users.
This can lead to unauthorized cross-user writes, model supply chain poisoning, and even arbitrary code execution when compromised models are loaded.
The issue is fixed in version 3.10.0.
How can this vulnerability impact me?
This vulnerability can have severe impacts including unauthorized overwriting of artifacts belonging to other users.
It can enable attackers to perform model supply chain poisoning, which means malicious models could be introduced into your system.
Additionally, it can lead to arbitrary code execution when compromised models are loaded, potentially allowing attackers to execute malicious code on your system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade MLflow to version 3.10.0 or later, where the issue is resolved.
Additionally, if you are using the `--serve-artifacts` mode, consider disabling it until the upgrade is applied to prevent unauthorized access to multipart upload endpoints.
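While the upgrade is being rolled out, access logs can be reviewed for use of the MPU endpoints named above. The following is an added example, not MLflow code or part of the original advisory: it assumes a reverse proxy in front of the MLflow server writes Common Log Format lines with the authenticated user, and that the path after `/mlflow-artifacts/mpu/` is an operation segment followed by the artifact path. The sample log lines, user names and artifact paths are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: Common Log Format lines as a reverse proxy in front of
# MLflow might write them. Users, paths and the log format are assumptions.
SAMPLE_LOG = """\
10.0.0.5 - alice [25/May/2026:10:01:02 +0000] "POST /api/2.0/mlflow-artifacts/mpu/create/1/abc/artifacts/model HTTP/1.1" 200 512
10.0.0.5 - alice [25/May/2026:10:01:09 +0000] "POST /api/2.0/mlflow-artifacts/mpu/complete/1/abc/artifacts/model HTTP/1.1" 200 64
10.0.0.9 - carol [25/May/2026:11:30:00 +0000] "POST /api/2.0/mlflow-artifacts/mpu/create/1/abc/artifacts/model HTTP/1.1" 200 512
10.0.0.7 - bob [25/May/2026:12:00:00 +0000] "GET /api/2.0/mlflow/experiments/search HTTP/1.1" 200 900
10.0.0.7 - bob [25/May/2026:12:05:00 +0000] "POST /api/2.0/mlflow-artifacts/mpu/create/2/def/artifacts/model HTTP/1.1" 403 20
"""

# Common Log Format: ip, ident, user, [time], "METHOD path proto", status
LINE = re.compile(
    r'^\S+ \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3})\b'
)
# Prefix from the advisory; "<operation>/<artifact path>" after it is assumed.
MPU = re.compile(r"/mlflow-artifacts/mpu/(?P<op>[^/?]+)/(?P<artifact>[^?\s]+)")


def mpu_requests(log_text):
    """Return (user, operation, artifact_path, status) for every MPU request."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        mpu = MPU.search(m["path"]) if m else None
        if mpu:
            hits.append((m["user"], mpu["op"], mpu["artifact"], int(m["status"])))
    return hits


def cross_user_mpu_writes(log_text):
    """Return {artifact_path: [users]} for paths with successful MPU calls
    from more than one user, the cross-user write pattern to review."""
    writers = defaultdict(set)
    for user, _op, artifact, status in mpu_requests(log_text):
        if 200 <= status < 300:  # only successful calls can change an artifact
            writers[artifact].add(user)
    return {p: sorted(u) for p, u in writers.items() if len(u) > 1}


if __name__ == "__main__":
    for path, users in cross_user_mpu_writes(SAMPLE_LOG).items():
        print(f"review: {path} written via MPU by {', '.join(users)}")
```

A flagged path is a lead for review, not proof of tampering, since several users may legitimately write to a shared experiment.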