What is the CVSS score of CVE-2026-2033?

CVE-2026-2033 has a CVSS 3.0 base score of 8.1 (High). CVSS vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 15.6%.

Which versions of AI / ML are affected by CVE-2026-2033?

MLflow Tracking Server instances are vulnerable to remote code execution attacks that could allow unauthorized actors to gain complete control of affected systems and access sensitive machine…. A patch is available.

How to fix or mitigate CVE-2026-2033?

Within 24 hours: Identify all MLflow Tracking Server instances in your environment and document network exposure. Within 7 days: Implement network segmentation to restrict MLflow access to authorized users only, disable public internet exposure, and deploy WAF rules to block directory traversal patterns. Within 30 days: Evaluate migration to alternative ML tracking solutions, establish continuous monitoring for suspicious artifact access patterns, and maintain vendor communication for patch availability.

AI / ML CVE-2026-2033

HIGH

Path Traversal (CWE-22)

2026-02-20 zdi-disclosures@trendmicro.com

GHSA-q2r8-vmq7-fpx2

RCE Path Traversal AI / ML Mlflow Red Hat

8.1

CVSS 3.0 · NVD

Severity by source

NVD PRIMARY

8.1 HIGH

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Red Hat

7.3 HIGH

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 22:04 vuln.today

CVE Published

Feb 20, 2026 - 23:16 nvd

HIGH 8.1

DescriptionCVE.org

MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of artifact file paths. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26649.

AnalysisAI

Unauthenticated remote code execution in MLflow Tracking Server through directory traversal in artifact file path handling enables attackers to execute arbitrary commands with service account privileges. The vulnerability stems from insufficient validation of user-supplied paths in file operations, allowing exploitation without authentication. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Craft malicious artifact file path with traversal sequences

Exploit

Submit path to MLflow Tracking Server artifact handler

Execution

Bypass path validation

Impact

Write/execute arbitrary code as service account

Access

Craft malicious artifact file path with traversal sequences

Exploit

Submit path to MLflow Tracking Server artifact handler

Execution

Bypass path validation

Impact

Write/execute arbitrary code as service account

Vulnerability AssessmentAI

Exploitation	MLflow Tracking Server with artifact handling enabled. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 8.1 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A remote attacker could exploit this vulnerability to execute arbitrary code on affected installations of MLflow Tracking Server.
Remediation	Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all MLflow Tracking Server instances in your environment and document network exposure. …

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

CVE-2026-2033 vulnerability details – vuln.today

Back

AI / ML CVE-2026-2033

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Vendor StatusVendor

Share

External POC / Exploit Code