CVE-2026-2652 | mlflow up to 3.9.x Job API _find_fastapi_validator authentication bypass

A vulnerability was found in mlflow up to 3.9.x and classified as critical. Affected by this vulnerability is the function _find_fastapi_validator of the component Job API. Executing a manipulation can lead to authentication bypass by primary weakness.

The identification of this vulnerability is CVE-2026-2652. The attack may be launched remotely. There is no exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More