CVE-2026-0545: CWE-306 Missing Authentication for Critical Function in mlflow mlflow/mlflow
In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization when the `basic-auth` app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled (`MLFLOW_SERVER_ENABLE_JOB_EXECUTION=true`) and any job function is allowlisted, any network client can submit, read, search, and cancel jobs without credentials, bypassing basic-auth entirely. This can lead to unauthenticated remote code execution if allowed jobs perform privileged actions such as shell execution or filesystem changes. Even if jobs are deemed safe, this still constitutes an authentication bypass, potentially resulting in job spam, denial of service (DoS), or data exposure in job results.
AI Analysis
Technical Summary
The vulnerability in mlflow/mlflow involves missing authentication for critical FastAPI job endpoints when basic-auth is enabled. Specifically, if the environment variable MLFLOW_SERVER_ENABLE_JOB_EXECUTION=true and any job function is allowlisted, these endpoints do not enforce authentication or authorization, allowing unauthenticated network clients to interact with job functions. This bypasses basic-auth protection entirely. The impact includes potential unauthenticated remote code execution if allowed jobs perform sensitive operations such as shell commands or filesystem modifications. Even if remote code execution is not possible, the lack of authentication permits job spam, denial of service, and exposure of job results.
Potential Impact
The vulnerability allows unauthenticated attackers to fully control job submission and management endpoints, bypassing basic authentication. This can lead to remote code execution if jobs perform privileged actions, or cause denial of service and data exposure through job manipulation. The CVSS score of 9.1 reflects the high impact on confidentiality and integrity with no required privileges or user interaction.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, it is recommended to disable job execution (set MLFLOW_SERVER_ENABLE_JOB_EXECUTION=false) or avoid allowlisting any job functions. Additionally, restrict network access to the affected endpoints to trusted clients only. Monitor vendor communications for official patches or updates.
CVE-2026-0545: CWE-306 Missing Authentication for Critical Function in mlflow mlflow/mlflow
Description
In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization when the `basic-auth` app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled (`MLFLOW_SERVER_ENABLE_JOB_EXECUTION=true`) and any job function is allowlisted, any network client can submit, read, search, and cancel jobs without credentials, bypassing basic-auth entirely. This can lead to unauthenticated remote code execution if allowed jobs perform privileged actions such as shell execution or filesystem changes. Even if jobs are deemed safe, this still constitutes an authentication bypass, potentially resulting in job spam, denial of service (DoS), or data exposure in job results.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in mlflow/mlflow involves missing authentication for critical FastAPI job endpoints when basic-auth is enabled. Specifically, if the environment variable MLFLOW_SERVER_ENABLE_JOB_EXECUTION=true and any job function is allowlisted, these endpoints do not enforce authentication or authorization, allowing unauthenticated network clients to interact with job functions. This bypasses basic-auth protection entirely. The impact includes potential unauthenticated remote code execution if allowed jobs perform sensitive operations such as shell commands or filesystem modifications. Even if remote code execution is not possible, the lack of authentication permits job spam, denial of service, and exposure of job results.
Potential Impact
The vulnerability allows unauthenticated attackers to fully control job submission and management endpoints, bypassing basic authentication. This can lead to remote code execution if jobs perform privileged actions, or cause denial of service and data exposure through job manipulation. The CVSS score of 9.1 reflects the high impact on confidentiality and integrity with no required privileges or user interaction.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, it is recommended to disable job execution (set MLFLOW_SERVER_ENABLE_JOB_EXECUTION=false) or avoid allowlisting any job functions. Additionally, restrict network access to the affected endpoints to trusted clients only. Monitor vendor communications for official patches or updates.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- @huntr_ai
- Date Reserved
- 2026-01-01T09:52:49.217Z
- Cvss Version
- 3.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69cff9360a160ebd9247d567
Added to database: 4/3/2026, 5:30:30 PM
Last enriched: 4/3/2026, 5:45:29 PM
Last updated: 4/3/2026, 9:12:13 PM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.