CVE-2026-2734— Authorization Bypass in SearchModelVersions in mlflow/mlflow
Possible ATT&CK Techniques 1AI
T1530 · Data from Cloud StorageAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| mlflow | mlflow/mlflow | unspecified< 3.10.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-2734
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authorization Bypass in SearchModelVersions in mlflow/mlflow
Source: NVD (National Vulnerability Database)
Vulnerability Description
In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST API endpoint and the `mlflowSearchModelVersions` GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows any authenticated user to enumerate all model versions across all registered models, regardless of their permission level. The issue arises due to the absence of `SearchModelVersions` in the `BEFORE_REQUEST_VALIDATORS` and `AFTER_REQUEST_HANDLERS` for the REST API, and its omission from `GraphQLAuthorizationMiddleware.PROTECTED_FIELDS` for GraphQL. This vulnerability can expose sensitive information such as model names, version descriptions, source URIs, tags, and other metadata, potentially revealing proprietary or confidential details in multi-tenant environments. The issue is resolved in version 3.10.0.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
MLflow 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
MLflow是MLflow开源的一个简化机器学习开发的平台,包括跟踪实验、将代码打包成可重复的运行以及共享和部署模型。 mlflow 3.9.0及之前版本存在访问控制错误漏洞,该漏洞源于SearchModelVersions REST API端点和mlflowSearchModelVersions GraphQL查询缺乏适当的每模型授权检查,可能导致经过身份验证的用户枚举所有模型版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| mlflow | mlflow/mlflow | unspecified ~ 3.10.0 | - |
II. Public POCs for CVE-2026-2734
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-2734
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-2734 (1)
Vendor Advisories for CVE-2026-2734 (1)
IV. Related Vulnerabilities
Same product: mlflow/mlflow
- CVE-2026-2611
Improper Origin Validation in mlflow/mlflow - CVE-2026-4137
Incomplete Fix for CVE-2025-10279: Insecure Temporary Direct - CVE-2026-2652
Authentication Bypass in mlflow/mlflow - CVE-2026-2614
Arbitrary File Read via Prompt Tag Source Validation Bypass - CVE-2026-2393
Server-Side Request Forgery (SSRF) in mlflow/mlflow
Same vendor: mlflow
- CVE-2026-2611
Improper Origin Validation in mlflow/mlflow - CVE-2026-4137
Incomplete Fix for CVE-2025-10279: Insecure Temporary Direct - CVE-2026-2652
Authentication Bypass in mlflow/mlflow - CVE-2026-2614
Arbitrary File Read via Prompt Tag Source Validation Bypass - CVE-2026-2393
Server-Side Request Forgery (SSRF) in mlflow/mlflow
V. Comments for CVE-2026-2734
No comments yet