BIT-mlflow-2026-4137

Import Source
https://github.com/bitnami/vulndb/tree/main/data/mlflow/BIT-mlflow-2026-4137.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-mlflow-2026-4137
Aliases
Published
2026-06-05T05:49:11.238Z
Modified
2026-06-05T07:56:21.019105227Z
Summary
Incomplete Fix for CVE-2025-10279: Insecure Temporary Directory Permissions in mlflow/mlflow
Details

In mlflow/mlflow versions prior to 3.11.0, the get_or_create_nfs_tmp_dir() function in mlflow/utils/file_utils.py creates temporary directories with world-writable permissions (0o777), and the _create_model_downloading_tmp_dir() function in mlflow/pyfunc/__init__.py creates directories with group-writable permissions (0o770). These insecure permissions allow local attackers to tamper with model artifacts, such as cloudpickle-serialized Python objects, and achieve arbitrary code execution when the tampered artifacts are deserialized via cloudpickle.load(). This vulnerability is particularly critical in environments with shared NFS mounts, such as Databricks, where NFS is enabled by default. The issue is a continuation of the vulnerability class addressed in CVE-2025-10279, which was only partially fixed.
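An added example, not code from mlflow or from this advisory: a Python sketch that audits a directory tree for the 0o777 and 0o770 modes described above and refuses to load an artifact from a location other local users can write to. The function names and the sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Group/other write bits: either lets another local user replace directory entries.
UNSAFE_BITS = stat.S_IWGRP | stat.S_IWOTH


def make_private_tmp_dir(parent=None):
    """Create a temp dir with mode 0o700 (tempfile.mkdtemp's documented behaviour)."""
    return tempfile.mkdtemp(prefix="model-", dir=parent)


def audit_dirs(root):
    """Return {path: mode} for each group- or world-writable dir under root (inclusive)."""
    findings = {}
    for dirpath, _dirs, _files in os.walk(root):
        mode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        if mode & UNSAFE_BITS:
            findings[dirpath] = mode
    return findings


def check_before_load(artifact_path):
    """Raise PermissionError unless the artifact and its directory are owned by
    the current user and not writable by group or other. Call before unpickling."""
    for path in (os.path.dirname(os.path.abspath(artifact_path)), artifact_path):
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            raise PermissionError(f"{path} is a symlink")
        if st.st_uid != os.geteuid():
            raise PermissionError(f"{path} is not owned by the current user")
        if stat.S_IMODE(st.st_mode) & UNSAFE_BITS:
            raise PermissionError(f"{path} is group- or world-writable")


def build_sample_tree():
    """Constructed sample: one dir per mode named in the advisory, plus a private one."""
    root = make_private_tmp_dir()
    for name, mode in (("nfs_tmp", 0o777), ("download_tmp", 0o770)):
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)  # chmod so the umask cannot mask the bits
    return root, make_private_tmp_dir(parent=root)


if __name__ == "__main__":
    sample_root, _private = build_sample_tree()
    for found, found_mode in sorted(audit_dirs(sample_root).items()):
        print(f"{oct(found_mode)}  {found}")
```

The check is point-in-time, so it complements creating the directory with owner-only permissions rather than replacing it.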

Database specific
{
    "severity": "High",
    "cpes": [
        "cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*"
    ]
}
References

Affected packages

Bitnami / mlflow

Package

Name
mlflow
Purl
pkg:bitnami/mlflow

Severity

  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.11.0

Database specific

source
"https://github.com/bitnami/vulndb/tree/main/data/mlflow/BIT-mlflow-2026-4137.json"