CVE-2026-2652: A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when
Summary
MLflow (an open-source platform for managing machine learning workflows) versions 3.9.0 and earlier expose certain FastAPI-served endpoints without authentication even when the tracking server is started with authentication enabled. The cause is that the authentication check is scoped to paths under `/gateway/` only; other FastAPI routes, including the Job API and the trace ingestion API, are never passed through it. An unauthenticated attacker with network access to the server can therefore submit jobs, read their results, and inject forged trace data without ever logging in.
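The pattern behind this class of bug is a prefix-scoped authentication check where a deny-by-default one was needed. The following is an added illustration, not MLflow's code: it models a middleware policy that only guards `/gateway/` beside one that requires credentials for every path not on an explicit public allowlist, and runs both over a constructed set of requests. The route paths, the allowlist, and the `authorize` helper are hypothetical, chosen only to show the difference.

```python
"""Added illustration (not MLflow's code): a prefix-scoped auth check versus a
deny-by-default check, of the kind of flaw CVE-2026-2652 describes.
All route paths and the public allowlist below are hypothetical."""
from posixpath import normpath
from typing import Callable, Dict, List, Optional, Tuple

# Hypothetical endpoints that may be reached without credentials.
# Everything else must require authentication.
PUBLIC_PATHS = frozenset({"/health", "/version"})


def normalize(path: str) -> str:
    """Collapse repeated slashes and '..' segments so the policy sees the same
    path the router will dispatch on (otherwise '/gateway/../api/x' could slip
    past a naive prefix or allowlist comparison)."""
    return normpath("/" + path.lstrip("/"))


def flawed_requires_auth(path: str) -> bool:
    """Vulnerable pattern: only the gateway subtree is behind the auth check,
    so every other route is reachable anonymously."""
    return normalize(path).startswith("/gateway/")


def hardened_requires_auth(path: str) -> bool:
    """Deny by default: credentials are required unless the path is explicitly public."""
    return normalize(path) not in PUBLIC_PATHS


def authorize(path: str, credentials: Optional[str],
              policy: Callable[[str], bool]) -> int:
    """Return the HTTP status a middleware using `policy` would produce:
    401 when credentials are required but absent, otherwise 200."""
    if policy(path) and not credentials:
        return 401
    return 200


# Constructed sample traffic: (path, credentials or None). Hypothetical paths.
SAMPLE_REQUESTS: List[Tuple[str, Optional[str]]] = [
    ("/gateway/routes", None),          # guarded by both policies
    ("/api/jobs/submit", None),         # job submission, anonymous
    ("/api/jobs/123/result", None),     # job result, anonymous
    ("/api/traces", None),              # trace ingestion, anonymous
    ("/gateway/../api/traces", None),   # traversal aimed at the prefix check
    ("/health", None),                  # legitimately public
    ("/api/jobs/submit", "token-abc"),  # authenticated request
]


def audit(policy: Callable[[str], bool]) -> Dict[str, int]:
    """Map each sample request (keyed by raw path) to the status the policy yields."""
    return {path: authorize(path, cred, policy) for path, cred in SAMPLE_REQUESTS}


def anonymous_reachable(policy: Callable[[str], bool]) -> List[str]:
    """Paths an unauthenticated caller can reach under this policy, minus the public allowlist."""
    return [
        path for path, cred in SAMPLE_REQUESTS
        if cred is None
        and authorize(path, cred, policy) == 200
        and normalize(path) not in PUBLIC_PATHS
    ]


if __name__ == "__main__":
    for name, policy in (("flawed", flawed_requires_auth),
                         ("hardened", hardened_requires_auth)):
        print(f"{name}: anonymously reachable non-public paths:",
              anonymous_reachable(policy))
```

Under the flawed policy the job and trace paths come back 200 for anonymous callers; under the hardened one only `/health` does. The practical check when reviewing any server that mounts several sub-applications is to enumerate every route the router knows about and confirm each one is either on the public allowlist or behind the authentication layer.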
Solution / Mitigation
This vulnerability is fixed in version 3.10.0. Upgrade mlflow to 3.10.0 or later and confirm the running version with `mlflow --version`. Until the upgrade is in place, do not expose the tracking server to untrusted networks, since enabling authentication alone does not protect the affected routes.
Vulnerability Details
EPSS: 0.0%
May 14, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-2652
First tracked: May 15, 2026 at 02:11 AM