CVE-2026-13484 | MLflow up to 4666cffc7912ea606d592fc38d6a75e2935f65e7 Experiment-scoped Label Schema CRUD API authorization (Issue 23608)
A vulnerability categorized as problematic has been discovered in MLflow up to 4666cffc7912ea606d592fc38d6a75e2935f65e7. The impacted element is an unknown function of the component Experiment-scoped Label Schema CRUD API. Such manipulation leads to missing authorization.
This vulnerability is referenced as CVE-2026-13484. It is possible to launch the attack remotely. Furthermore, an exploit is available.
A reply to the GitHub issue explains, that “[t]he labeling schema PR has not been merged yet. The auth handlers will be added before the release.”VulDB Recent EntriesRead More