CVE-2026-2652 | mlflow up to 3.9.x Job API _find_fastapi_validator authentication bypass

Inserito da Angelo Barbosa | Mag 15, 2026 | CVE

A vulnerability was found in mlflow up to 3.9.x and classified as critical. Affected by this vulnerability is the function _find_fastapi_validator of the component Job API. Executing a manipulation can lead to authentication bypass by primary weakness.

The identification of this vulnerability is CVE-2026-2652. The attack may be launched remotely. There is no exploit available.

It is suggested to upgrade the affected component.

CVE-2026-2652 | mlflow up to 3.9.x Job API _find_fastapi_validator authentication bypass

Post correlati

CVE-2024-7313 | Shield Security Plugin up to 20.0.5 on WordPress cross-site request forgery

CVE-2025-40291 | Linux Kernel up to 6.17.7 io_uring io_estimate_bvec_size privilege escalation

CVE-2026-7518 | Open5GS up to 2.7.7 AMF SBI Endpoint sdmsubscription-notify amf_namf_callback_handle_sdm_data_change_notify changeItem.newValue denial of service (Issue 4395)

CVE-2024-5396 | itsourcecode Online Student Enrollment System 1.0 newfaculty.php name sql injection