ZDI-26-105
HIGH 8.1
Published: Feb 13, 2026
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability
MLflow
MLflow Tracking Server contains a remote code execution vulnerability (CVE-2026-2033), a directory traversal in the artifact handler, that allows unauthenticated attackers to execute arbitrary code on affected systems. It is rated HIGH severity with a CVSS score of 8.1. An attacker can exploit this flaw without credentials to gain full control over the MLflow server and potentially compromise the underlying infrastructure or data. Security teams should immediately patch affected MLflow installations and restrict network access to the Tracking Server while updates are deployed.