| CVE ID | CVE-2026-33865 |
| Publication date | 07 April 2026 |
| Vendor | Mlflow |
| Product | Mlflow |
| Vulnerable versions | All through 3.10.1 |
| Vulnerability type (CWE) | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') (CWE-79) |
| Report source | Report to CERT Polska |
| CVE ID | CVE-2026-33866 |
| Publication date | 07 April 2026 |
| Vendor | Mlflow |
| Product | Mlflow |
| Vulnerable versions | All through 3.10.1 |
| Vulnerability type (CWE) | Missing Authorization (CWE-862) |
| Report source | Report to CERT Polska |
Description
CERT Polska has received a report about vulnerabilities in Mlflow software and participated in coordination of their disclosure.
The vulnerability CVE-2026-33865: MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can upload a malicious MLmodel file containing a payload that executes when another user views the artifact in the UI. This allows actions such as session hijacking or performing operations on behalf of the victim.
The vulnerability CVE-2026-33866: MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to access.
These issues affect MLflow version through 3.10.1
Credits
We thank Sławomir Zakrzewski (AFINE) for the responsible vulnerability report.
More about the coordinated vulnerability disclosure process at CERT Polska can be found at https://cert.pl/en/cvd/.