AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2022-0736: Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1.

highvulnerability

security

Source: NVD/CVE DatabaseFebruary 23, 2022CVE-2022-0736

Summary

MLflow, a machine learning platform, had an insecure temporary file vulnerability (CWE-377, a weakness where temporary files are created without proper security protections) in versions before 1.23.1. This vulnerability could potentially allow attackers to access or modify sensitive data stored in temporary files.

Solution / Mitigation

Update MLflow to version 1.23.1 or later. A patch is available at https://github.com/mlflow/mlflow/commit/61984e6843d2e59235d82a580c529920cd8f3711.

Vulnerability Details

CVSS Score

7.5(high)

EPSS (30-day exploit probability)

EPSS: 0.6%

Classification

Attack Type

Other

Attack SophisticationTrivial

Impact (CIA+S)

integrityconfidentiality

Taxonomy References

CWE (Weakness Type)

CWE-377

Affected Vendors

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: February 15, 2026 at 08:46 PM

Classified by LLM (prompt v3) · confidence: 85%