Impact
This vulnerability in MLflow results in missing authorization checks on the trace API endpoints. When authentication is enabled, any authenticated user can read, delete, or modify traces belonging to experiments they are not permitted to see, exposing sensitive data and audit trails. The flaw originates in a _before_request handler that is never registered, so the standard experiment-level permission checks are never applied to these endpoints. The impact spans confidentiality, integrity, and availability, allowing privilege escalation and data tampering.
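The root cause described above, a per-request authorization hook that exists but is never wired into the request pipeline, is easy to model and to regression-test. The following is an added, constructed illustration in plain Python (not MLflow's code): the MiniApp class, the /traces route, the PERMISSIONS table, and the user and experiment names are all hypothetical, and it shows the unregistered hook beside the corrected registration.

```python
"""Constructed model of an unregistered before-request authorization hook.
Not MLflow's code; names, routes and permissions are hypothetical."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

Response = Tuple[int, str]

# Hypothetical permission table: user -> experiment ids that user may access.
PERMISSIONS: Dict[str, set] = {"alice": {"exp-1"}, "bob": {"exp-2"}}


@dataclass
class Request:
    user: str
    path: str
    experiment_id: str


@dataclass
class MiniApp:
    """Minimal request pipeline: before-request hooks run, then the route."""
    routes: Dict[str, Callable[[Request], Response]] = field(default_factory=dict)
    before_hooks: List[Callable[[Request], Optional[Response]]] = field(default_factory=list)

    def before_request(self, fn: Callable[[Request], Optional[Response]]):
        self.before_hooks.append(fn)  # registration step the vulnerable build omitted
        return fn

    def dispatch(self, req: Request) -> Response:
        for hook in self.before_hooks:  # empty list => no authorization at all
            resp = hook(req)
            if resp is not None:
                return resp
        return self.routes[req.path](req)


def _before_request(req: Request) -> Optional[Response]:
    """Experiment-level check: 403 unless the user may access the experiment."""
    if req.experiment_id not in PERMISSIONS.get(req.user, set()):
        return (403, "forbidden")
    return None


def build_app(register_hook: bool) -> MiniApp:
    app = MiniApp()
    app.routes["/traces"] = lambda req: (200, f"traces for {req.experiment_id}")
    if register_hook:
        app.before_request(_before_request)  # the fix: actually register the hook
    return app


def hook_registered(app: MiniApp) -> bool:
    """Regression check a test suite can assert on after startup."""
    return _before_request in app.before_hooks


def status_for(register_hook: bool, user: str, experiment_id: str) -> int:
    app = build_app(register_hook)
    return app.dispatch(Request(user, "/traces", experiment_id))[0]
```

With the hook unregistered every caller reaches the trace route regardless of experiment permissions; once registered, cross-experiment requests are refused, and hook_registered gives a startup-time assertion that the wiring has not silently regressed.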
Affected Systems
This issue affects the open source MLflow platform. Versions of the mlflow/mlflow package earlier than 3.14.0 are vulnerable; any instance running one of these releases with authentication enabled is at risk.
Risk and Exploitability
The CVSS score of 8.1 rates this flaw as high severity. No EPSS score has been published, and although the vulnerability is active in recent commits it is not yet listed in CISA's KEV catalog, so its exploitation status is not publicly documented. The likely attack vector requires an authenticated session: an attacker holding valid credentials can use ordinary API calls to bypass authorization. Successful exploitation could expose or corrupt sensitive experiment data.
OpenCVE Enrichment