PYSEC-2026-2220

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/mlflow/PYSEC-2026-2220.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-2220
Aliases
Published
2026-05-25T07:16:15.100Z
Modified
2026-07-13T16:45:09.276740322Z
Severity
  • 9.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the --serve-artifacts mode is enabled. The authorization logic does not enforce resource-level permission checks for /mlflow-artifacts/mpu/* endpoints, enabling attackers to overwrite artifacts belonging to other users. This can lead to unauthorized cross-user writes, model supply chain poisoning, and arbitrary code execution when compromised models are loaded. The issue is resolved in version 3.10.0.

References

Affected packages

PyPI / mlflow

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.11.0rc0

Affected versions

0.*
0.0.1
0.1.0
0.2.0
0.2.1
0.3.0
0.4.0
0.4.1
0.4.2
0.5.0
0.5.1
0.5.2
0.6.0
0.7.0
0.8.0
0.8.1
0.8.2
0.9.0
0.9.0.1
0.9.1
1.*
1.0.0
1.1.0
1.1.1.dev0
1.2.0
1.3.0
1.4.0
1.5.0
1.6.0
1.7.0
1.7.1
1.7.2
1.8.0
1.9.0
1.9.1
1.10.0
1.11.0
1.12.0
1.12.1
1.13
1.13.1
1.14.0
1.14.1
1.15.0
1.16.0
1.17.0
1.18.0
1.19.0
1.20.0
1.20.1
1.20.2
1.21.0
1.22.0
1.23.0
1.23.1
1.24.0
1.25.0
1.25.1
1.26.0
1.26.1
1.27.0
1.28.0
1.29.0
1.30.0
1.30.1
2.*
2.0.0rc0
2.0.0
2.0.1
2.1.0
2.1.1
2.2.0
2.2.1
2.2.2
2.3.0
2.3.1
2.3.2
2.4.0
2.4.1
2.4.2
2.5.0
2.6.0
2.7.0
2.7.1
2.8.0
2.8.1
2.9.0
2.9.1
2.9.2
2.10.0
2.10.1
2.10.2
2.11.0
2.11.1
2.11.2
2.11.3
2.11.4
2.12.0
2.12.1
2.12.2
2.13.0
2.13.1
2.13.2
2.14.0rc0
2.14.0
2.14.1
2.14.2.dev0
2.14.2
2.14.3
2.15.0rc0
2.15.0
2.15.1
2.16.0
2.16.1
2.16.2
2.17.0rc0
2.17.0
2.17.1
2.17.2
2.18.0rc0
2.18.0
2.19.0rc0
2.19.0
2.20.0rc0
2.20.0
2.20.1
2.20.2
2.20.3
2.20.4
2.21.0rc0
2.21.0
2.21.1
2.21.2
2.21.3
2.22.0rc0
2.22.0
2.22.1
2.22.2
2.22.3
2.22.4
2.22.5
3.*
3.0.0rc0
3.0.0rc1
3.0.0rc2
3.0.0rc3
3.0.0
3.0.1
3.1.0rc0
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.2.0rc0
3.2.0
3.3.0rc0
3.3.0
3.3.1
3.3.2
3.4.0rc0
3.4.0
3.5.0rc0
3.5.0
3.5.1
3.6.0rc0
3.6.0
3.7.0rc0
3.7.0
3.8.0rc0
3.8.0
3.8.1
3.9.0rc0
3.9.0
3.10.0rc0
3.10.0
3.10.1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/mlflow/PYSEC-2026-2220.yaml"