GHSA-vhcx-3pq2-4fvc

Source

https://github.com/advisories/GHSA-vhcx-3pq2-4fvc

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-vhcx-3pq2-4fvc/GHSA-vhcx-3pq2-4fvc.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-vhcx-3pq2-4fvc

Aliases

CVE-2025-15036

Published

2026-03-30T03:30:19Z

Modified

2026-04-01T00:17:36.343752Z

Severity

9.6 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator

Summary

MLFlow path traversal vulnerability

Details

A path traversal vulnerability exists in the extract_archive_to_dir function within the mlflow/pyfunc/dbconnect_artifact_cache.py file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An attacker with control over the tar.gz file can exploit this issue to overwrite arbitrary files or gain elevated privileges, potentially escaping the sandbox directory in multi-tenant or shared cluster environments.

Database specific

{
    "nvd_published_at": "2026-03-30T02:16:14Z",
    "severity": "CRITICAL",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-29"
    ],
    "github_reviewed_at": "2026-04-01T00:08:57Z"
}

References

Affected packages

PyPI / mlflow

Package

Name: mlflow; View open source insights on deps.dev
Purl: pkg:pypi/mlflow

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.9.0rc0

Affected versions

0.*

0.0.1

0.1.0

0.2.0

0.2.1

0.3.0

0.4.0

0.4.1

0.4.2

0.5.0

0.5.1

0.5.2

0.6.0

0.7.0

0.8.0

0.8.1

0.8.2

0.9.0

0.9.0.1

0.9.1

1.*

1.0.0

1.1.0

1.1.1.dev0

1.2.0

1.3.0

1.4.0

1.5.0

1.6.0

1.7.0

1.7.1

1.7.2

1.8.0

1.9.0

1.9.1

1.10.0

1.11.0

1.12.0

1.12.1

1.13

1.13.1

1.14.0

1.14.1

1.15.0

1.16.0

1.17.0

1.18.0

1.19.0

1.20.0

1.20.1

1.20.2

1.21.0

1.22.0

1.23.0

1.23.1

1.24.0

1.25.0

1.25.1

1.26.0

1.26.1

1.27.0

1.28.0

1.29.0

1.30.0

1.30.1

2.*

2.0.0rc0

2.0.0

2.0.1

2.1.0

2.1.1

2.2.0

2.2.1

2.2.2

2.3.0

2.3.1

2.3.2

2.4.0

2.4.1

2.4.2

2.5.0

2.6.0

2.7.0

2.7.1

2.8.0

2.8.1

2.9.0

2.9.1

2.9.2

2.10.0

2.10.1

2.10.2

2.11.0

2.11.1

2.11.2

2.11.3

2.11.4

2.12.0

2.12.1

2.12.2

2.13.0

2.13.1

2.13.2

2.14.0rc0

2.14.0

2.14.1

2.14.2.dev0

2.14.2

2.14.3

2.15.0rc0

2.15.0

2.15.1

2.16.0

2.16.1

2.16.2

2.17.0rc0

2.17.0

2.17.1

2.17.2

2.18.0rc0

2.18.0

2.19.0rc0

2.19.0

2.20.0rc0

2.20.0

2.20.1

2.20.2

2.20.3

2.20.4

2.21.0rc0

2.21.0

2.21.1

2.21.2

2.21.3

2.22.0rc0

2.22.0

2.22.1

2.22.2

2.22.3

2.22.4

3.*

3.0.0rc0

3.0.0rc1

3.0.0rc2

3.0.0rc3

3.0.0

3.0.1

3.1.0rc0

3.1.0

3.1.1

3.1.2

3.1.3

3.1.4

3.2.0rc0

3.2.0

3.3.0rc0

3.3.0

3.3.1

3.3.2

3.4.0rc0

3.4.0

3.5.0rc0

3.5.0

3.5.1

3.6.0rc0

3.6.0

3.7.0rc0

3.7.0

3.8.0rc0

3.8.0

3.8.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-vhcx-3pq2-4fvc/GHSA-vhcx-3pq2-4fvc.json"