Advisory Details

MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability

ZDI-26-105 / ZDI-CAN-26649

This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of artifact file paths. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account.

2025-07-31 - Vulnerability reported to vendor
2026-02-13 - Coordinated public release of advisory
2026-02-13 - Advisory Updated

Article Summaries:

  • MLflow has disclosed a critical remote-code-execution flaw (CVE-2026-2033) affecting its Tracking Server. The vulnerability stems from insufficient validation of artifact file paths, enabling unauthenticated attackers to traverse directories and execute arbitrary code under the service account. With a CVSS score of 8.1, the issue permits full compromise of the affected system. MLflow has released a patch (see GitHub PR 19260) and urges users to update immediately. The flaw was reported by security researcher Muhammad Fadilullah Dzaki.
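The defect described in the advisory is a missing check on a client-supplied artifact path before it reaches a file operation. The following is an added example of such a check, written for this page; it is neither MLflow's own code nor the fix in PR 19260, and the artifact root, function names and sample paths are assumptions.

```python
import os
import posixpath

# Hypothetical artifact root; constructed for this example, not an MLflow default.
ARTIFACT_ROOT = "/srv/mlflow-artifacts"


class ArtifactPathError(ValueError):
    """Raised when a client-supplied artifact path must not be used."""


def validate_artifact_path(artifact_root: str, user_path: str) -> str:
    """Map a client-supplied relative artifact path to an on-disk path under artifact_root.

    Rejects paths that are empty, contain a NUL byte, are absolute, keep a parent
    reference after normalisation, or resolve (through symlinks) outside the root.
    Assumes the web layer has already percent-decoded the path exactly once.
    """
    if not user_path or "\x00" in user_path:
        raise ArtifactPathError("empty path or NUL byte")
    # Treat backslashes as separators so a Windows-style traversal is not missed.
    candidate = user_path.replace("\\", "/")
    if posixpath.isabs(candidate) or os.path.isabs(candidate):
        raise ArtifactPathError("absolute paths are not allowed")
    # normpath collapses "a/../b" to "b"; any ".." that survives would climb above root.
    normalized = posixpath.normpath(candidate)
    if ".." in normalized.split("/"):
        raise ArtifactPathError("parent directory references are not allowed")
    root = os.path.realpath(artifact_root)
    on_disk = os.path.realpath(os.path.join(root, normalized))
    # realpath follows symlinks, so a link inside the root pointing outside is caught too.
    if os.path.commonpath([root, on_disk]) != root:
        raise ArtifactPathError("path resolves outside the artifact root")
    return on_disk


def is_safe_artifact_path(artifact_root: str, user_path: str) -> bool:
    """Boolean convenience wrapper around validate_artifact_path."""
    try:
        validate_artifact_path(artifact_root, user_path)
        return True
    except ArtifactPathError:
        return False


if __name__ == "__main__":
    # Constructed sample requests: the first two are legitimate, the rest must be rejected.
    for sample in ["model/MLmodel", "run1/./metrics/loss.json", "../../outside/file",
                   "model/../../../outside/file", "/absolute/file", "..\\..\\outside"]:
        verdict = "accepted" if is_safe_artifact_path(ARTIFACT_ROOT, sample) else "rejected"
        print(f"{sample!r:32} -> {verdict}")
```

The check must run on the decoded path the server actually uses, not on the raw URL, and it must be applied on every handler that touches artifact storage (read, write, list and delete).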

Sources: