{"data":{"id":"6bc9bcf5-c7de-4e66-8059-5bbb48503054","title":"CVE-2026-2611: In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. ","summary":"MLflow version 3.9.0 has a vulnerability in its Assistant feature where /ajax-api endpoints don't properly validate the origin (the source website making a request). This allows an attacker on a malicious webpage to send cross-origin requests (requests from a different domain) to trick the MLflow Assistant running on a victim's computer, bypass security restrictions meant to only allow local access, and execute arbitrary commands (run any code they choose) through the Claude Code sub-agent.","solution":"Update to MLflow version 3.10.0, where this issue is resolved.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-2611","publishedAt":"2026-05-19T10:16:22.983Z","cveId":"CVE-2026-2611","cweIds":["CWE-346"],"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["rag_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["MLflow","Claude"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-19T10:16:22.983Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}