{"data":{"id":"af4f3700-a85f-4c21-a683-50ded2e70464","title":"CVE-2026-33865: MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in it","summary":"MLflow has a stored XSS vulnerability (cross-site scripting, where malicious code hidden in data executes when viewed in a web browser) in how it handles YAML-based MLmodel artifact files. An authenticated attacker can upload a specially crafted MLmodel file that runs malicious code when another user views it in the web interface, potentially letting the attacker hijack sessions or perform actions as that user. This affects MLflow version 3.10.1 and earlier.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-33865","publishedAt":"2026-04-07T13:16:46.840Z","cveId":"CVE-2026-33865","cweIds":["CWE-79"],"cvssScore":null,"cvssSeverity":null,"severity":"medium","attackType":["rag_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["MLflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-07T13:16:46.840Z","capecIds":["CAPEC-198","CAPEC-86"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":["AML.T0020","AML.T0051.001"]}}