CVE-2023-6753: Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.
Summary
CVE-2023-6753 is a path traversal vulnerability (a security flaw where an attacker can access files outside the intended directory by using special path characters) found in MLflow versions before 2.9.2. The vulnerability allows unauthorized access to restricted files on a system running the affected software.
Solution / Mitigation
Update MLflow to version 2.9.2 or later. A patch is available at https://github.com/mlflow/mlflow/commit/1c6309f884798fbf56017a3cc808016869ee8de4.
Vulnerability Details
8.8(high)
EPSS: 3.0%
Classification
Affected Vendors
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose
Original source: https://nvd.nist.gov/vuln/detail/CVE-2023-6753
First tracked: February 15, 2026 at 08:46 PM
Classified by LLM (prompt v3) · confidence: 85%