
CVE-2026-0545 (EUVD-2026-18809) · CRITICAL
Missing Authentication for Critical Function (CWE-306)
Published 2026-04-03 · @huntr_ai · GHSA-7qhf-v65m-g5f3
CVSS 3.1 (NVD): 9.8
Sources: Red Hat

Severity by source

  • NVD (primary): 9.8 CRITICAL, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Red Hat: 8.1 HIGH (qualitative)

Primary rating from NVD.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

Lifecycle Timeline (6 events)

  • Apr 21, 2026 01:57 (vuln.today): Analysis updated, v2 (cvss_changed)
  • Apr 21, 2026 01:52 (vuln.today): Re-analysis queued (cvss_changed)
  • Apr 21, 2026 01:52 (NVD): CVSS changed, 9.1 (CRITICAL) → 9.8 (CRITICAL)
  • Apr 03, 2026 17:30 (euvd): EUVD ID assigned, EUVD-2026-18809
  • Apr 03, 2026 17:30 (vuln.today): Analysis generated
  • Apr 03, 2026 17:03 (nvd): CVE published, CRITICAL 9.1

Blast Radius (ecosystem impact)

  • 14 PyPI packages depend on mlflow (14 direct, 0 indirect)

Ecosystem-wide dependent count for version 3.10.1. († counts come from your stack dependencies and the transitive graph; vuln.today resolves dependencies to a path depth of 4.)

Description (CVE.org)

In mlflow/mlflow, the FastAPI job endpoints under /ajax-api/3.0/jobs/* are not protected by authentication or authorization when the basic-auth app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled (MLFLOW_SERVER_ENABLE_JOB_EXECUTION=true) and any job function is allowlisted, any network client can submit, read, search, and cancel jobs without credentials, bypassing basic-auth entirely. This can lead to unauthenticated remote code execution if allowed jobs perform privileged actions such as shell execution or filesystem changes. Even if jobs are deemed safe, this still constitutes an authentication bypass, potentially resulting in job spam, denial of service (DoS), or data exposure in job results.

Analysis (AI)

MLflow's FastAPI job endpoints bypass basic-auth entirely, allowing network attackers to submit and execute jobs without credentials (CVSS 9.8, CWE-306). Affects mlflow/mlflow latest version when MLFLOW_SERVER_ENABLE_JOB_EXECUTION=true and job functions are allowlisted. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

  • Access: Discover MLflow server via port scan
  • Delivery: Send unauthenticated POST to /ajax-api/3.0/jobs/submit
  • Exploit: Submit crafted job payload targeting allowlisted function
  • Execution: Job executes with server privileges
  • Impact: Retrieve results or establish persistence

Vulnerability Assessment (AI)

Exploitation: Job execution must be explicitly enabled via the MLFLOW_SERVER_ENABLE_JOB_EXECUTION=true environment variable (non-default configuration). … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: CVSS 9.8 indicates maximum severity based on the network attack vector, no authentication, and high confidentiality/integrity/availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison is available after sign-in.

Exploit Scenario: A remote attacker identifies an internet-facing MLflow server (port 5000 by default, discoverable via Shodan or banner grabbing) running with job execution enabled. Using the publicly available POC, the attacker sends unauthenticated HTTP POST requests to /ajax-api/3.0/jobs/submit with a crafted job payload invoking an allowlisted function that executes shell commands (e.g., model training scripts with os.system() calls). …

Remediation: Primary mitigation (no vendor-released patch confirmed): disable job execution by setting MLFLOW_SERVER_ENABLE_JOB_EXECUTION=false or by removing the environment variable entirely. This eliminates the attack surface but disables job scheduling functionality. … Detailed patch versions, workarounds, and compensating controls are in the full report.

Recommended Action (AI)

Within 24 hours: set MLFLOW_SERVER_ENABLE_JOB_EXECUTION=false on all MLflow servers, or restrict network access to the FastAPI job endpoints to trusted internal networks only. …
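The second recommendation, restricting the job endpoints to trusted networks, is easy to get wrong at a reverse proxy if the path is matched before it is canonicalized. The following is an added example, not code from vuln.today or the MLflow project: a request filter that admits /ajax-api/3.0/jobs/* only from internal ranges, normalizing the path first so percent-encoding, doubled slashes and ../ segments cannot slip past the prefix check. The trusted ranges and sample paths are constructed assumptions.

```python
# Added example (not vuln.today's or MLflow's code): a reverse-proxy style filter
# implementing the compensating control above, allowing the MLflow job API
# (/ajax-api/3.0/jobs/*) only from trusted internal networks. The trusted
# ranges and sample requests are constructed for illustration.
import ipaddress
import posixpath
from urllib.parse import unquote

JOB_PREFIX = "/ajax-api/3.0/jobs"
# Constructed example ranges; replace with your own internal networks.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                    ipaddress.ip_network("192.168.0.0/16")]


def normalize_path(raw_path: str) -> str:
    """Canonicalize the request path before matching, so percent-encoding,
    doubled slashes and ../ segments cannot route around the prefix check."""
    path = raw_path.split("#", 1)[0].split("?", 1)[0]   # drop query/fragment
    path = unquote(path)                                # %2e%2e -> ..
    # Strip all leading slashes first: posixpath.normpath keeps a leading "//".
    return posixpath.normpath("/" + path.lstrip("/"))


def is_job_endpoint(raw_path: str) -> bool:
    """True when the canonical path is the job API root or anything below it."""
    path = normalize_path(raw_path)
    return path == JOB_PREFIX or path.startswith(JOB_PREFIX + "/")


def is_trusted(client_ip: str) -> bool:
    """Fail closed: an unparsable address is never trusted."""
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_NETWORKS)


def allow_request(client_ip: str, raw_path: str) -> bool:
    """Job endpoints: trusted networks only. Everything else is passed through
    to MLflow, where the basic-auth app still applies. A real proxy should
    forward the normalized path so the backend sees exactly what was checked."""
    if not is_job_endpoint(raw_path):
        return True
    return is_trusted(client_ip)
```

This is a compensating control only; with job execution still enabled, the endpoints remain unauthenticated for any client inside the trusted ranges.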

