Vulnerability Description
MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can upload a malicious MLmodel file containing a payload that executes when another user views the artifact in the UI. This allows actions such as session hijacking or performing operations on behalf of the victim. This issue affects MLflow version through 3.10.1
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lfprojects | Mlflow | <= 3.10.1 |
Related Weaknesses (CWE)
References
- https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectorsExploitThird Party Advisory
- https://cert.pl/en/posts/2026/04/CVE-2026-33865/Third Party Advisory
- https://github.com/mlflow/mlflow/pull/21435Issue TrackingPatch
FAQ
What is CVE-2026-33865?
CVE-2026-33865 is a vulnerability with a CVSS score of 5.4 (MEDIUM). MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can upload a malicious MLmodel file c...
How severe is CVE-2026-33865?
CVE-2026-33865 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-33865?
Check the references section above for vendor advisories and patch information. Affected products include: Lfprojects Mlflow.