CVE-2026-0596: A command injection vulnerability exists in mlflow/mlflow when serving a model with `enable_mlserver=True`. The `model_u
Summary
MLflow (a machine learning model management tool) has a command injection vulnerability (a security flaw where an attacker can insert shell commands into input) when serving models with `enable_mlserver=True`. The vulnerability occurs because the `model_uri` (a file path or reference to a model) is directly placed into a shell command without filtering out dangerous characters like `$()` or backticks, allowing attackers to run unauthorized commands. This poses a serious risk if a high-privilege service loads models from a directory that lower-privilege users can access.
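The pattern described above, as an added example that is not MLflow's code: the same `model_uri` value is passed through an interpolated shell string, through an argument list with no shell, and through a shell string with `shlex.quote`. It assumes a POSIX `/bin/sh`; the function names, the allowlist, and the child process that echoes its argument (standing in for the serving command) are hypothetical.

```python
import re
import shlex
import subprocess
import sys

# Hypothetical stand-in for the serving command: a child process that
# prints the single argument it received, so we can see what arrived.
ECHO_ARG = [sys.executable, "-c", "import sys; print(sys.argv[1])"]

# Constructed allowlist for illustration: characters a plain path or
# registry-style URI needs, and no shell metacharacters.
PLAIN_URI = re.compile(r"[A-Za-z0-9_.:/@-]+")


def _run(cmd, shell):
    done = subprocess.run(cmd, shell=shell, capture_output=True, text=True)
    return done.stdout.strip()


def serve_unsafe(model_uri: str) -> str:
    """'Before' pattern: model_uri interpolated into a shell string."""
    return _run(f"{shlex.join(ECHO_ARG)} {model_uri}", shell=True)


def serve_argv(model_uri: str) -> str:
    """Hardened: no shell; model_uri is exactly one argv element."""
    return _run(ECHO_ARG + [model_uri], shell=False)


def serve_quoted(model_uri: str) -> str:
    """If a shell string cannot be avoided, quote the value first."""
    return _run(f"{shlex.join(ECHO_ARG)} {shlex.quote(model_uri)}", shell=True)


def is_plain_model_uri(model_uri: str) -> bool:
    """Defense in depth: reject anything outside the allowlist."""
    return PLAIN_URI.fullmatch(model_uri) is not None


if __name__ == "__main__":
    sample = "models/$(echo INJECTED)"  # constructed, harmless input
    print("unsafe :", serve_unsafe(sample))   # shell expanded the value
    print("argv   :", serve_argv(sample))     # value arrived literally
    print("quoted :", serve_quoted(sample))   # value arrived literally
    print("allowed:", is_plain_model_uri(sample))
```

Only the interpolated form lets the shell evaluate the value; the other two deliver it to the child process as inert text.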
Vulnerability Details
EPSS: 0.0%
March 31, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-0596
First tracked: March 31, 2026 at 02:07 PM