Intel

AIKIDO-2026-441895

mlflow is vulnerable to Improper Access Control

Improper Access ControlCVE-2026-8147 Published 2 days ago

81

High Risk

This Affects:

PYTHONmlflow
2.14.2 - 3.12.0
Fixed in 3.13.0
Are you affected? Scan for Free

TL;DR

Affected versions of this package are vulnerable to missing authorization on trace API endpoints when the MLflow tracking server runs with authentication enabled (--app-name basic-auth). Trace operations such as searching and reading traces, deleting traces, modifying trace tags, and linking traces to runs did not enforce experiment-level permissions. Any authenticated user could access and modify traces from experiments they were not authorized to use, exposing sensitive LLM prompts, responses, function arguments, and audit data. The root cause was missing entries for trace endpoint handlers in the server's BEFORE_REQUEST_VALIDATORS map, so authorization checks were skipped for those routes.

Who does this affect?

You are affected if you run the MLflow tracking server with authentication enabled (--app-name basic-auth) and are using a version that falls within the vulnerable range.

Background info

mlflow is vulnerable to Improper Access Control in versions 2.14.2 - 3.12.0.

How to fix this

Upgrade the mlflow library to the patch version.