CVE-2026-4137: In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` cr
Summary
MLflow versions before 3.11.0 create temporary directories with overly permissive access permissions (world-writable or group-writable), allowing local attackers to modify model files and execute arbitrary code when those files are loaded. This is especially dangerous in shared environments like Databricks where multiple users access the same network storage.
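As an added illustration (not MLflow's own code, and the function names are assumed): a check that flags the weak pattern the summary describes, a temp directory that is group- or world-writable, beside a hypothetical hardened helper that creates the directory as private to the calling user and refuses to reuse one it cannot trust.

```python
import os
import stat
import tempfile


def shared_write_problems(path: str) -> list[str]:
    """Return the reasons `path` is unsafe as a per-user temp dir (empty list if safe)."""
    st = os.lstat(path)
    problems = []
    if not stat.S_ISDIR(st.st_mode):
        problems.append("not a directory")
    if stat.S_ISLNK(st.st_mode):
        problems.append("is a symlink")
    if st.st_uid != os.getuid():
        problems.append(f"owned by uid {st.st_uid}, not the current user")
    if st.st_mode & stat.S_IWGRP:
        problems.append("group-writable")
    if st.st_mode & stat.S_IWOTH:
        problems.append("world-writable")
    return problems


def get_or_create_private_tmp_dir(base_dir: str, name: str) -> str:
    """Hypothetical hardened counterpart of the weak pattern (assumed name).

    The directory is created with mode 0o700 regardless of umask, and an existing
    directory is reused only if we own it and it carries no group/other write bits.
    """
    path = os.path.join(base_dir, name)
    try:
        os.mkdir(path, 0o700)
        os.chmod(path, 0o700)  # mkdir's mode argument is masked by umask; force it
    except FileExistsError:
        pass
    problems = shared_write_problems(path)
    if problems:
        raise PermissionError(f"refusing to use {path}: {', '.join(problems)}")
    return path


def demo() -> dict:
    """Constructed scenario: one overly permissive directory, one hardened one."""
    base = tempfile.mkdtemp()
    weak = os.path.join(base, "weak")
    os.mkdir(weak)
    os.chmod(weak, 0o777)  # the overly permissive pattern the advisory describes
    good = get_or_create_private_tmp_dir(base, "private")
    return {
        "weak_problems": shared_write_problems(weak),
        "good_problems": shared_write_problems(good),
        "good_mode": stat.S_IMODE(os.stat(good).st_mode),
    }
```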
Solution / Mitigation
Update MLflow to version 3.11.0 or later.
Vulnerability Details
EPSS: 0.0%
May 18, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-4137
First tracked: May 18, 2026 at 08:12 PM
Classified by LLM (prompt v3) · confidence: 95%