PYSEC-2026-2219

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/mlflow/PYSEC-2026-2219.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-2219
Aliases
Published
2026-05-11T18:16:31.500Z
Modified
2026-07-13T16:45:08.114491424Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVSS Calculator
Summary
[none]
Details

A Server-Side Request Forgery (SSRF) vulnerability exists in MLflow versions prior to 3.9.0. The _create_webhook() function in mlflow/server/handlers.py accepts a user-controlled url parameter without validation, and the _send_webhook_request() function in mlflow/webhooks/delivery.py sends HTTP POST requests to this attacker-controlled URL. This allows an authenticated attacker to force the MLflow backend to send HTTP requests to internal services, cloud metadata endpoints, or arbitrary external servers. The lack of input sanitization, URL scheme filtering, or allowlist validation on the webhook URL enables exploitation, potentially leading to cloud credential theft, internal network access, and data exfiltration.

References

Affected packages

PyPI / mlflow

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.0

Affected versions

0.*
0.0.1
0.1.0
0.2.0
0.2.1
0.3.0
0.4.0
0.4.1
0.4.2
0.5.0
0.5.1
0.5.2
0.6.0
0.7.0
0.8.0
0.8.1
0.8.2
0.9.0
0.9.0.1
0.9.1
1.*
1.0.0
1.1.0
1.1.1.dev0
1.2.0
1.3.0
1.4.0
1.5.0
1.6.0
1.7.0
1.7.1
1.7.2
1.8.0
1.9.0
1.9.1
1.10.0
1.11.0
1.12.0
1.12.1
1.13
1.13.1
1.14.0
1.14.1
1.15.0
1.16.0
1.17.0
1.18.0
1.19.0
1.20.0
1.20.1
1.20.2
1.21.0
1.22.0
1.23.0
1.23.1
1.24.0
1.25.0
1.25.1
1.26.0
1.26.1
1.27.0
1.28.0
1.29.0
1.30.0
1.30.1
2.*
2.0.0rc0
2.0.0
2.0.1
2.1.0
2.1.1
2.2.0
2.2.1
2.2.2
2.3.0
2.3.1
2.3.2
2.4.0
2.4.1
2.4.2
2.5.0
2.6.0
2.7.0
2.7.1
2.8.0
2.8.1
2.9.0
2.9.1
2.9.2
2.10.0
2.10.1
2.10.2
2.11.0
2.11.1
2.11.2
2.11.3
2.11.4
2.12.0
2.12.1
2.12.2
2.13.0
2.13.1
2.13.2
2.14.0rc0
2.14.0
2.14.1
2.14.2.dev0
2.14.2
2.14.3
2.15.0rc0
2.15.0
2.15.1
2.16.0
2.16.1
2.16.2
2.17.0rc0
2.17.0
2.17.1
2.17.2
2.18.0rc0
2.18.0
2.19.0rc0
2.19.0
2.20.0rc0
2.20.0
2.20.1
2.20.2
2.20.3
2.20.4
2.21.0rc0
2.21.0
2.21.1
2.21.2
2.21.3
2.22.0rc0
2.22.0
2.22.1
2.22.2
2.22.3
2.22.4
2.22.5
3.*
3.0.0rc0
3.0.0rc1
3.0.0rc2
3.0.0rc3
3.0.0
3.0.1
3.1.0rc0
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.2.0rc0
3.2.0
3.3.0rc0
3.3.0
3.3.1
3.3.2
3.4.0rc0
3.4.0
3.5.0rc0
3.5.0
3.5.1
3.6.0rc0
3.6.0
3.7.0rc0
3.7.0
3.8.0rc0
3.8.0
3.8.1
3.9.0rc0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/mlflow/PYSEC-2026-2219.yaml"