CVE-2026-0545
Authentication Bypass vulnerability in mlflow (PyPI)
What is CVE-2026-0545 About?
This vulnerability is an authentication bypass in MLflow's FastAPI job endpoints when basic-auth is enabled, allowing unauthenticated network access to job management functions. Attackers can submit, read, search, and cancel jobs without credentials, potentially leading to unauthenticated remote code execution or denial of service. Exploitation is straightforward given an exposed MLflow server with job execution enabled.
Affected Software
Technical Details
The vulnerability exists in the mlflow/mlflow application, specifically within the FastAPI job endpoints located under /ajax-api/3.0/jobs/*. These endpoints are designed to manage MLflow jobs. However, when the basic-auth application is enabled, these specific FastAPI endpoints are not properly protected by the authentication mechanism. This allows any network client to interact with these job-related functions—such as submitting new jobs, reading job details, searching for jobs, and canceling running jobs—without presenting valid credentials. If MLFLOW_SERVER_ENABLE_JOB_EXECUTION is set to true and any job functions are allowlisted (e.g., allowing shell commands or filesystem operations), this authentication bypass can escalate to unauthenticated remote code execution (RCE). Even without RCE, it constitutes an authentication bypass, potentially enabling denial of service through job spamming or resource exhaustion, or information disclosure via job results.
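As a defensive illustration of the gap described above, the following is an added example (not MLflow's own code, and not the project's eventual fix) of an ASGI middleware that refuses any request under /ajax-api/3.0/jobs/ that does not carry valid HTTP Basic credentials, so those routes are gated even when the application behind them is not. It assumes the MLflow server can be wrapped as an ASGI app, uses a constructed in-memory user store (USERS) in place of the real one, and the stub application and status_for driver exist only to exercise the gate offline.

```python
import asyncio
import base64
import hmac
import re

# Every route the advisory names as unprotected lives under /ajax-api/3.0/jobs/.
JOB_ENDPOINT = re.compile(r"^/ajax-api/3\.0/jobs(/|$)")
# Constructed credential store for this example; wiring to the real user store is hypothetical.
USERS = {"admin": "s3cret"}

def credentials_valid(authorization):
    # True only for a well-formed Basic header whose user and password match USERS.
    if not authorization or not authorization.lower().startswith("basic "):
        return False
    try:
        decoded = base64.b64decode(authorization[6:].strip(), validate=True).decode()
    except ValueError:  # binascii.Error and UnicodeDecodeError are both ValueErrors
        return False
    username, sep, password = decoded.partition(":")
    expected = USERS.get(username) if sep else None
    # Constant-time comparison so the gate does not leak password length or prefix.
    return expected is not None and hmac.compare_digest(expected.encode(), password.encode())

class JobEndpointAuthGate:
    # ASGI middleware: answers 401 for job-endpoint requests that lack valid credentials.
    def __init__(self, app):
        self.app = app

    async def __call__(self, scope, receive, send):
        if scope["type"] == "http" and JOB_ENDPOINT.match(scope.get("path", "")):
            headers = {k.lower(): v for k, v in scope.get("headers", [])}
            if not credentials_valid(headers.get(b"authorization", b"").decode()):
                await send({"type": "http.response.start", "status": 401, "headers": [(b"www-authenticate", b'Basic realm="mlflow"')]})
                await send({"type": "http.response.body", "body": b"Unauthorized"})
                return  # the wrapped MLflow app never sees the request
        await self.app(scope, receive, send)

async def _stub_mlflow_app(scope, receive, send):
    # Stand-in for the real MLflow ASGI app: accepts every request with 200.
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b"ok"})

def status_for(path, authorization=None):
    # Drives the gated stub with one synthetic GET and returns the HTTP status.
    headers = [(b"authorization", authorization.encode())] if authorization else []
    scope = {"type": "http", "method": "GET", "path": path, "headers": headers}
    sent = []
    async def send(message): sent.append(message)
    asyncio.run(JobEndpointAuthGate(_stub_mlflow_app)(scope, None, send))
    return sent[0]["status"]
```

Routes outside the job prefix are passed through untouched, so the gate complements rather than replaces the existing basic-auth app.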
What is the Impact of CVE-2026-0545?
Successful exploitation may allow attackers to perform unauthenticated remote code execution, execute arbitrary commands, disrupt services through job spamming or cancellation, or access sensitive data exposed in job results.
What is the Exploitability of CVE-2026-0545?
Exploitation of this vulnerability is of low complexity. It requires an MLflow server that has basic-auth enabled and is affected by this bypass. For the most severe impact (RCE), the server must also have job execution enabled (MLFLOW_SERVER_ENABLE_JOB_EXECUTION=true) and allowlisted job functions. No authentication is required, as the vulnerability is an authentication bypass, and no specific privileges are needed on the attacker's side. Access is remote, as any network client can reach the endpoints. The primary special condition is the MLFLOW_SERVER_ENABLE_JOB_EXECUTION flag together with the configuration of allowlisted job functions, which dictate the severity of the impact (from authentication bypass to RCE). Risk factors include publicly exposed MLflow instances with these settings.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2026-0545?
Available Upgrade Options
- No fixes available
What are Similar Vulnerabilities to CVE-2026-0545?
Similar Vulnerabilities: CVE-2023-37960, CVE-2023-37961, CVE-2023-37962, CVE-2023-37963, CVE-2023-37964
