CVE-2026-4137 | MLflow up to 3.10.x file_utils.py get_or_create_nfs_tmp_dir temp file

A vulnerability described as problematic has been identified in MLflow up to 3.10.x. The affected element is the function get_or_create_nfs_tmp_dir of the file mlflow/utils/file_utils.py. Such manipulation leads to creation of temporary file with insecure permissions.

This vulnerability is uniquely identified as CVE-2026-4137. Local access is required to approach this attack. No exploit exists.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More