CVE-2026-4035 | mlflow up to 3.10.x ENV_VAR insertion of sensitive information into sent data

Inserito da Angelo Barbosa | Giu 3, 2026 | CVE

A vulnerability was found in mlflow up to 3.10.x. It has been declared as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument ENV_VAR results in insertion of sensitive information into sent data.

This vulnerability is cataloged as CVE-2026-4035. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2026-4035 | mlflow up to 3.10.x ENV_VAR insertion of sensitive information into sent data

Post correlati

CVE-2024-34474 | Clario up to 2024-04-11 permission

CVE-2024-52535 | Dell SupportAssist for Home PCs symlink (dsa-2024-470)

CVE-2025-65865 | eProsima Fast-DDS 3.3 denial of service

CVE-2025-39393 | Hospital Management System Plugin up to 47.0 on WordPress cross site scripting