ZDI-CAN-29939 HIGH 7.8 Upcoming Mar 30, 2026

MLflow

MLflow, an open-source machine learning platform for experiment tracking and model management, has a high-severity vulnerability (CVSS 7.8). Exploitation requires local access and user interaction, but a successful exploit fully compromises confidentiality, integrity, and availability. The vulnerability does not require authentication, which makes it particularly dangerous in multi-user environments where an attacker with local system access can trick a user into triggering the flaw. Security teams should monitor MLflow deployments for exploitation attempts and prioritize patching once the vendor releases a fix ahead of the July 2026 disclosure deadline.

Advisory Details
Researcher: Mat Powell of TrendAI Zero Day Initiative
Reported: March 30, 2026
Deadline: July 28, 2026 (103 days remaining)
CVSS Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
