CVE-2026-33866

Source
https://cve.org/CVERecord?id=CVE-2026-33866
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33866.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-33866
Aliases
Related
Published
2026-04-07T12:57:44.380Z
Modified
2026-07-08T08:12:49.979404297Z
Severity
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Authorization Bypass in MLflow AJAX Endpoint
Details

MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to access.

This issue affects MLflow version through 3.10.1

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33866.json",
    "cna_assigner": "CERT-PL",
    "cwe_ids": [
        "CWE-862"
    ]
}
References

Affected packages

Git / github.com/mlflow/mlflow

Affected ranges

Type
GIT
Repo
https://github.com/mlflow/mlflow
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.10.1"
        }
    ]
}

Affected versions

1.*
1.0.0
Other
nightly
v0.*
v0.2.0
v0.2.1
v0.3.0
v0.4.0
v0.4.1
v0.4.2
v0.5.0
v0.6.0
v0.7
v0.8.0
v0.8.1
v1.*
v1.7.0
v2.*
v2.2.0
v3.*
v3.0.0
v3.10.0
v3.10.0rc0
v3.10.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33866.json"