EUVD-2026-19608
GHSA-fh64-r2vc-xvhr
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Tags
Description
MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can upload a malicious MLmodel file containing a payload that executes when another user views the artifact in the UI. This allows actions such as session hijacking or performing operations on behalf of the victim. This issue affects MLflow version through 3.10.1
Analysis
Stored cross-site scripting (XSS) in MLflow through version 3.10.1 allows authenticated attackers to inject malicious payloads via YAML-based MLmodel artifacts that execute when other users view the artifact in the web interface, enabling session hijacking or unauthorized actions on behalf of victims. CVSS 5.1 reflects low severity due to authentication requirement and user interaction; SSVC framework rates exploitation as none, automatable as no, and technical impact as partial. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today