CVE-2026-2734 | MLflow up to 3.9.x REST API BEFORE_REQUEST_VALIDATORS/AFTER_REQUEST_HANDLERS access control

Inserito da Angelo Barbosa | Mag 21, 2026 | CVE

A vulnerability has been found in MLflow up to 3.9.x and classified as critical. This vulnerability affects unknown code of the component REST API. Performing a manipulation of the argument BEFORE_REQUEST_VALIDATORS/AFTER_REQUEST_HANDLERS results in improper access controls.

This vulnerability was named CVE-2026-2734. The attack may be initiated remotely. There is no available exploit.

The affected component should be upgraded.

CVE-2026-2734 | MLflow up to 3.9.x REST API BEFORE_REQUEST_VALIDATORS/AFTER_REQUEST_HANDLERS access control

Post correlati

CVE-2023-48965 | ThinkAdmin 6.1.53 URL information disclosure

CVE-2024-51898 | Sachin Jadhav Semantic Shortcode Plugin up to 1.0.1 on WordPress cross site scripting

CVE-2021-47494 | Linux Kernel up to 5.10.76/5.14.15 cfg80211 cfg80211_mgmt_registrations_update memory corruption (4c22227e39c7/3c897f39b71f/09b1d5dc6ce1)

CVE-2024-7464 | TOTOLINK CP900 6.3c.566 Telnet Service setTelnetCfg telnet_enabled command injection