CVE-2024-1593: A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smu
Summary
MLflow, a machine learning platform, has a path traversal vulnerability (a security flaw where attackers can access files outside intended directories) caused by improper handling of URL parameters. Attackers can use the semicolon (;) character to hide malicious path sequences in URLs, potentially gaining unauthorized access to sensitive files or compromising the server.
Vulnerability Details
7.5(high)
EPSS: 0.4%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-1593
First tracked: February 15, 2026 at 08:46 PM
Classified by LLM (prompt v3) · confidence: 85%