CVE-2026-2651 | MLflow up to 3.9.x Multipart Upload /mlflow-artifacts/mpu/ authorization (EUVD-2026-31642)

A vulnerability has been found in MLflow up to 3.9.x and classified as critical. This impacts an unknown function of the file /mlflow-artifacts/mpu/ of the component Multipart Upload Handler. This manipulation causes missing authorization.

This vulnerability appears as CVE-2026-2651. The attack may be initiated remotely. There is no available exploit.

The affected component should be upgraded.VulDB Recent EntriesRead More