PatchSiren cyber security CVE debrief
CVE-2026-2614 mlflow CVE debrief
CVE-2026-2614 is a high-severity vulnerability in mlflow/mlflow that allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. The issue arises in the `_create_model_version()` handler of `mlflow/server/handlers.py` in mlflow/mlflow versions 3.9.0 and earlier. An attacker can exploit this by including the tag `mlflow.prompt.is_prompt` in a `CreateModelVersion` request, bypassing source path validation. This enables an attacker to store an arbitrary local filesystem path as the model version source. The `get_model_version_artifact_handler()` function later uses this source to serve files without verifying the model version's prompt status, leading to a complete confidentiality compromise. This issue is fixed in version 3.10.0.
- Vendor
- mlflow
- Product
- mlflow/mlflow
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-11
- Original CVE updated
- 2026-07-02
- Advisory published
- 2026-05-11
- Advisory updated
- 2026-07-02
Who should care
Users of mlflow/mlflow versions 3.9.0 and earlier should be aware of this vulnerability and take immediate action to protect their systems. This includes upgrading to version 3.10.0 or applying the necessary patches. Additionally, users should monitor their systems for any suspicious activity and implement compensating controls to prevent exploitation.
Technical summary
The vulnerability in mlflow/mlflow arises from a flawed validation mechanism in the `_create_model_version()` handler of `mlflow/server/handlers.py`. By including the tag `mlflow.prompt.is_prompt` in a `CreateModelVersion` request, an unauthenticated remote attacker can bypass source path validation and store an arbitrary local filesystem path as the model version source. The `get_model_version_artifact_handler()` function then uses this source to serve files without verifying the model version's prompt status, allowing for a complete confidentiality compromise.
Defensive priority
High
Recommended defensive actions
- Upgrade to mlflow/mlflow version 3.10.0 or later
- Apply the necessary patches to fix the vulnerability
- Monitor systems for suspicious activity
- Implement compensating controls to prevent exploitation
- Conduct regular inventory checks to ensure all systems are up-to-date
Evidence notes
The CVE record was published on 2026-05-11T20:25:41.423Z and was last modified on 2026-07-02T12:17:02.460Z. The NVD entry is currently Modified. The vulnerability has a CVSS score of 7.5 and a severity of High.
Official resources
-
CVE-2026-2614 CVE record
CVE.org
-
CVE-2026-2614 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Exploit, Third Party Advisory
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-05-11T20:25:41.423Z and has not been modified since then. The NVD entry is currently Modified.