CVE-2026-2651 | MLflow up to 3.9.x Multipart Upload /mlflow-artifacts/mpu/ authorization (EUVD-2026-31642)

Inserito da Angelo Barbosa | Mag 25, 2026 | CVE

A vulnerability has been found in MLflow up to 3.9.x and classified as critical. This impacts an unknown function of the file /mlflow-artifacts/mpu/ of the component Multipart Upload Handler. This manipulation causes missing authorization.

This vulnerability appears as CVE-2026-2651. The attack may be initiated remotely. There is no available exploit.

The affected component should be upgraded.

CVE-2026-2651 | MLflow up to 3.9.x Multipart Upload /mlflow-artifacts/mpu/ authorization (EUVD-2026-31642)

Post correlati

CVE-2024-22590 | Kwik 745fd4e2 TLS Engine state issue

CVE-2024-24573 | WillyXJ facileManager up to 4.5.0 POST Request processPost.php authorization (GHSA-w67q-pp62-j4pf)

CVE-2024-40836 | Apple macOS Shortcut access control

CVE-2026-23008 | Linux Kernel up to 6.18.6/6.19-rc5 vmwgfx null pointer dereference