CVE-2026-0545.yaml
info:
  name: mlflow
  cve: CVE-2026-0545
  summary: >-
    MLflow FastAPI job endpoints under /ajax-api/3.0/jobs/* lack authentication,
    allowing unauthenticated RCE when basic-auth is enabled.
  details: >-
    In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are
    not protected by authentication or authorization when the `basic-auth` app is
    enabled. At the time of the report this affected the latest version of the
    repository (see the version rule below). If job execution is enabled
    (`MLFLOW_SERVER_ENABLE_JOB_EXECUTION=true`) and any job function is
    allowlisted, any network client can submit, read, search, and cancel jobs
    without credentials, bypassing basic-auth entirely. This can lead to
    unauthenticated remote code execution if allowlisted jobs perform privileged
    actions such as shell execution or filesystem changes. Even if the allowlisted
    jobs are deemed safe, this still constitutes an authentication bypass and can
    result in job spam, denial of service (DoS), or exposure of data in job
    results. CWE-306: Missing Authentication for Critical Function.
  cvss: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  severity: CRITICAL
  security_advise: >-
    Upgrade MLflow to the latest patched version. As a temporary mitigation,
    disable job execution by setting `MLFLOW_SERVER_ENABLE_JOB_EXECUTION=false`,
    or restrict network access to the `/ajax-api/3.0/jobs/*` endpoints with
    firewall or reverse-proxy rules. Monitor for unauthorized job submissions.
  references:
    - https://huntr.com/bounties/b2e5b028-9541-4d29-8703-a76f1a3734d8
    - https://nvd.nist.gov/vuln/detail/CVE-2026-0545
rule: 'version <= "3.10.1"'
references:
  - https://huntr.com/bounties/b2e5b028-9541-4d29-8703-a76f1a3734d8
  - https://nvd.nist.gov/vuln/detail/CVE-2026-0545
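The following is an added offline triage helper, not code from MLflow or from the advisory. It evaluates the advisory's own preconditions (the `version <= "3.10.1"` rule, `MLFLOW_SERVER_ENABLE_JOB_EXECUTION`, a non-empty job allowlist, basic-auth enabled) and classifies request paths against the `/ajax-api/3.0/jobs/` prefix for use in a reverse-proxy deny rule. The `assess()` signature, the verdict strings, and the sample inputs are this example's own assumptions; the version parser compares numerically so that `3.9.0` is correctly treated as older than `3.10.1`, which a plain string comparison of the rule would get wrong.

```python
"""Offline exposure check for CVE-2026-0545 (MLflow job endpoints).

Added example; not MLflow project code. It encodes the advisory's stated
conditions: affected when version <= 3.10.1 (the rule above), the basic-auth
app is enabled, MLFLOW_SERVER_ENABLE_JOB_EXECUTION is true, and at least one
job function is allowlisted.
"""
import posixpath
import re
from urllib.parse import urlsplit

AFFECTED_MAX = "3.10.1"            # upper bound from the advisory's rule
JOBS_PREFIX = "/ajax-api/3.0/jobs/"  # endpoint prefix named in the advisory

_PRE_RANK = {"dev": 0, "a": 1, "b": 2, "rc": 3}
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:[.\-]?(dev|a|b|rc)(\d*))?")


def parse_version(v):
    """Turn '3.10.1' or '3.11.0rc1' into a tuple that compares correctly.

    Numeric fields compare as integers (3.9.0 < 3.10.1); a pre-release
    suffix sorts below the matching final release.
    """
    m = _VERSION_RE.fullmatch(v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    major, minor, patch, tag, tagnum = m.groups()
    nums = (int(major), int(minor), int(patch or 0))
    # Final release ranks above any pre-release of the same number.
    pre = (1, 0, 0) if tag is None else (0, _PRE_RANK[tag], int(tagnum or 0))
    return nums + pre


def is_affected_version(v):
    """True when the installed version falls under the rule version <= 3.10.1."""
    return parse_version(v) <= parse_version(AFFECTED_MAX)


def _truthy(val):
    return str(val).strip().lower() in ("1", "true", "yes", "on")


def assess(version, env, allowlisted_jobs, basic_auth_enabled):
    """Return (verdict, reasons) for one MLflow server configuration.

    verdict is one of 'exposed', 'mitigated', 'no-auth-configured',
    'not-affected' (verdict names are this example's own).
    """
    reasons = []
    if not is_affected_version(version):
        return "not-affected", [f"MLflow {version} is newer than {AFFECTED_MAX}"]
    reasons.append(f"MLflow {version} matches rule version <= {AFFECTED_MAX}")
    if not basic_auth_enabled:
        # Without the basic-auth app there is no authentication to bypass;
        # the whole server is already unauthenticated by configuration.
        reasons.append("basic-auth app not enabled; nothing to bypass")
        return "no-auth-configured", reasons
    if not _truthy(env.get("MLFLOW_SERVER_ENABLE_JOB_EXECUTION", "false")):
        reasons.append("job execution disabled; jobs endpoints cannot run work")
        return "mitigated", reasons
    if not allowlisted_jobs:
        reasons.append("no job functions allowlisted; nothing can be submitted")
        return "mitigated", reasons
    reasons.append(
        f"job execution on with allowlist {sorted(allowlisted_jobs)}: "
        f"{JOBS_PREFIX}* reachable without credentials"
    )
    return "exposed", reasons


def is_jobs_path(raw_path):
    """Decide whether a request path targets the vulnerable endpoint family.

    Intended for a reverse-proxy deny rule: the query string is dropped and
    the path normalised so '/jobs/../runs' does not count as a jobs path.
    """
    path = urlsplit(raw_path).path or "/"
    norm = posixpath.normpath(path)
    return norm == JOBS_PREFIX.rstrip("/") or norm.startswith(JOBS_PREFIX)


if __name__ == "__main__":
    # Constructed sample configuration, not a real deployment.
    sample_env = {"MLFLOW_SERVER_ENABLE_JOB_EXECUTION": "true"}
    verdict, why = assess("3.10.1", sample_env, ["run_export"], True)
    print(verdict)
    for line in why:
        print(" -", line)
    for p in ("/ajax-api/3.0/jobs/search?max_results=10", "/ajax-api/3.0/runs/search"):
        print(p, "->", "deny" if is_jobs_path(p) else "allow")
```

Use `assess()` on the values pulled from each deployment's environment and allowlist during triage, and `is_jobs_path()` as the predicate behind a temporary proxy-level deny rule until the upgrade lands; disabling `MLFLOW_SERVER_ENABLE_JOB_EXECUTION` remains the simpler mitigation where the job feature is not needed.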