AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2024-37061: Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a malicious

highvulnerability

security

Source: NVD/CVE DatabaseJune 4, 2024CVE-2024-37061

Summary

CVE-2024-37061 is a remote code execution vulnerability (the ability for an attacker to run commands on someone else's system) in MLflow (a machine learning platform) version 1.11.0 and newer. An attacker can create a malicious MLproject file that executes arbitrary code when a user runs it on their computer.

Vulnerability Details

CVSS Score

8.8(high)

EPSS (30-day exploit probability)

EPSS: 7.4%

Classification

Attack SophisticationModerate

Impact (CIA+S)

integrityconfidentiality

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-94 CWE-94

CAPEC (Attack Pattern)

CAPEC-242

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-37061

First tracked: February 15, 2026 at 08:46 PM

Classified by LLM (prompt v3) · confidence: 92%