CVE-2026-2611 | MLflow up to 3.9.x Assistant Feature /ajax-api origin validation

Inserito da Angelo Barbosa | Mag 19, 2026 | CVE

A vulnerability classified as critical has been found in MLflow up to 3.9.x. This impacts an unknown function of the file /ajax-api of the component Assistant Feature. This manipulation causes origin validation error.

This vulnerability is registered as CVE-2026-2611. Remote exploitation of the attack is possible. No exploit is available.

It is recommended to upgrade the affected component.

CVE-2026-2611 | MLflow up to 3.9.x Assistant Feature /ajax-api origin validation

Post correlati

CVE-2024-38433 | Nuvoton NPCM7xx BootBlock prior 10.10.19 authentication bypass

CVE-2025-12593 | code-projects Simple Online Hotel Reservation System 2.0 Photo /admin/edit_room.php unrestricted upload

CVE-2024-30690 | ROS2 Galactic Geochelone Node injection

CVE-2023-48804 | Totolink X6000R 9.4.0cu.852_B20230719 shttpd sub_4119A0 Privilege Escalation