CVE-2026-2734 | MLflow up to 3.9.x REST API BEFORE_REQUEST_VALIDATORS/AFTER_REQUEST_HANDLERS access control

A vulnerability has been found in MLflow up to 3.9.x and classified as critical. This vulnerability affects unknown code of the component REST API. Performing a manipulation of the argument BEFORE_REQUEST_VALIDATORS/AFTER_REQUEST_HANDLERS results in improper access controls.

This vulnerability was named CVE-2026-2734. The attack may be initiated remotely. There is no available exploit.

The affected component should be upgraded.VulDB Recent EntriesRead More