CVE-2026-2635
📋 TL;DR
CVE-2026-2635 is an authentication bypass vulnerability in MLflow that allows remote attackers to gain administrative access without credentials. The vulnerability exists due to hard-coded default credentials in the basic_auth.ini configuration file. Any MLflow installation using basic authentication with default configurations is affected.
💻 Affected Systems
- MLflow
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise: attackers gain administrative access, execute arbitrary code, steal sensitive data, and potentially pivot to other systems.
Likely Case
Unauthorized access to MLflow dashboard, model repository manipulation, data exfiltration, and privilege escalation within the MLflow environment.
If Mitigated
Limited impact due to network segmentation, strong authentication controls, and monitoring detecting unauthorized access attempts.
🎯 Exploit Status
Exploitation requires knowledge of the default credentials location and basic HTTP authentication bypass techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: the MLflow release that includes the fix from PR #19260
Vendor Advisory: https://github.com/mlflow/mlflow/pull/19260
Restart Required: Yes
Instructions:
1. Update MLflow to a version containing the PR #19260 fix.
2. Remove or secure the basic_auth.ini file.
3. Restart MLflow services.
4. Change all passwords and credentials.
🔧 Temporary Workarounds
Remove default basic_auth.ini
Platform: all. Delete the default basic_auth.ini configuration file, or, if it must remain on disk, strip its permissions:
rm /path/to/mlflow/basic_auth.ini
chmod 000 /path/to/mlflow/basic_auth.ini
Implement custom authentication
Platform: all. Replace basic authentication with a stronger authentication mechanism:
# Configure OAuth, LDAP, or custom auth providers
🧯 If You Can't Patch
- Network segmentation: Isolate MLflow instances from internet and untrusted networks
- Implement strict access controls and monitoring for authentication attempts
🔍 How to Verify
Check if Vulnerable:
Check whether basic_auth.ini exists and still contains the default admin credentials: grep -r 'admin' /path/to/mlflow/basic_auth.ini
Check Version:
mlflow --version
Verify Fix Applied:
Verify that basic_auth.ini has been removed or secured, and confirm that authentication with the default credentials fails.
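The grep above matches the admin_username key name itself, so it reports a hit even on a hardened file. The following script is an added example for this verification step (written for this page, not code from MLflow or from the CVE entry): it parses the file instead and flags only an admin username or password that is still a shipped default or a trivially weak value. It assumes the [mlflow] section with admin_username and admin_password keys that MLflow's shipped basic_auth.ini uses; the set of values treated as defaults is an assumption and should be checked against the basic_auth.ini shipped with your installed version. The two sample files are constructed.

```python
"""Check an MLflow basic_auth.ini for shipped default admin credentials.

Added example; not from the CVE page or the MLflow project.
Assumptions (verify against your MLflow version): the file has an [mlflow]
section with admin_username / admin_password keys, and the values listed in
DEFAULT_USERNAMES / DEFAULT_PASSWORDS are the shipped or commonly weak defaults.
"""
import configparser
import sys
from typing import List

# Assumed default / trivially weak values; extend after checking the shipped file.
DEFAULT_USERNAMES = {"admin"}
DEFAULT_PASSWORDS = {"password", "password1234", "admin", "mlflow", ""}

# Constructed sample: a file left at its shipped defaults.
VULNERABLE_INI = """\
[mlflow]
default_permission = READ
database_uri = sqlite:///basic_auth.db
admin_username = admin
admin_password = password1234
"""

# Constructed sample: unique admin name, password injected from a secret store.
HARDENED_INI = """\
[mlflow]
default_permission = READ
database_uri = sqlite:///basic_auth.db
admin_username = mlflow-ops
admin_password = ${ADMIN_PASSWORD_FROM_SECRET_STORE}
"""


def find_default_credentials(ini_text: str) -> List[str]:
    """Return a list of findings; an empty list means no default admin values."""
    # interpolation=None so '%' or '$' in a real password does not break parsing.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    findings: List[str] = []
    if not parser.has_section("mlflow"):
        findings.append("no [mlflow] section found: not a basic_auth.ini")
        return findings
    user = parser.get("mlflow", "admin_username", fallback=None)
    password = parser.get("mlflow", "admin_password", fallback=None)
    if user is not None and user.strip().lower() in DEFAULT_USERNAMES:
        findings.append(f"admin_username is the shipped default: {user.strip()!r}")
    if password is not None and password.strip() in DEFAULT_PASSWORDS:
        findings.append("admin_password is a shipped default or trivially weak value")
    return findings


def check_file(path: str) -> List[str]:
    """Read basic_auth.ini from disk and return the findings for it."""
    with open(path, encoding="utf-8") as fh:
        return find_default_credentials(fh.read())


if __name__ == "__main__":
    # Usage: python check_basic_auth.py /path/to/mlflow/basic_auth.ini
    target = sys.argv[1] if len(sys.argv) > 1 else None
    results = check_file(target) if target else find_default_credentials(VULNERABLE_INI)
    for finding in results:
        print("FINDING:", finding)
    sys.exit(1 if results else 0)
```

A non-zero exit code makes the check easy to wire into a deployment pipeline; a clean result only means the admin values are not on the known-default list, not that the rest of the auth configuration is sound.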
📡 Detection & Monitoring
Log Indicators:
- Failed authentication attempts with default credentials
- Successful logins from unexpected IPs
- Administrative actions from new users
Network Indicators:
- HTTP requests to MLflow endpoints without proper authentication headers
- Traffic patterns indicating credential brute-forcing
SIEM Query:
source="mlflow.log" AND (event="authentication_failure" OR event="authentication_success") AND user="admin"
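The SIEM query above selects admin authentication events but leaves the correlation to the analyst. The following added example (written for this page, not from MLflow or any SIEM product) applies the log indicators listed above to constructed log lines: it counts failed admin logins per source, raises an alert when a source crosses a failure threshold, and flags an admin success that comes from an unexpected source or directly follows a run of failures, the pattern expected when default credentials are being tried. The key=value log format (event=, user=, src_ip=), the allow-list of trusted admin sources and the threshold are assumptions made for the example; map them onto the fields your deployment actually logs.

```python
"""Correlate MLflow admin authentication events from sample log lines.

Added example; not from the CVE page or the MLflow project. The log format,
the trusted-source allow-list and the threshold are assumptions for this example.
"""
import re
from collections import Counter
from typing import Dict, List

# Constructed sample log lines (timestamp followed by key=value fields).
SAMPLE_LOG = """\
2026-03-01T09:00:01Z event=authentication_failure user=admin src_ip=203.0.113.7
2026-03-01T09:00:02Z event=authentication_failure user=admin src_ip=203.0.113.7
2026-03-01T09:00:03Z event=authentication_failure user=admin src_ip=203.0.113.7
2026-03-01T09:00:04Z event=authentication_success user=admin src_ip=203.0.113.7
2026-03-01T09:05:00Z event=authentication_success user=alice src_ip=10.0.0.5
2026-03-01T09:06:00Z event=authentication_success user=admin src_ip=10.0.0.9
"""

KV_RE = re.compile(r"(\w+)=(\S+)")
TRUSTED_ADMIN_SOURCES = {"10.0.0.9"}  # assumed allow-list of admin workstations
FAILURE_THRESHOLD = 3                   # assumed per-source failure threshold


def parse_line(line: str) -> Dict[str, str]:
    """Split one log line into its key=value fields plus the leading timestamp."""
    fields = dict(KV_RE.findall(line))
    fields["ts"] = line.split(" ", 1)[0]
    return fields


def analyze(log_text: str) -> List[str]:
    """Return alert strings for suspicious admin authentication activity."""
    alerts: List[str] = []
    failures: Counter = Counter()  # failed admin attempts per source IP
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec.get("user") != "admin":  # mirrors user="admin" in the SIEM query
            continue
        ip = rec.get("src_ip", "unknown")
        event = rec.get("event")
        if event == "authentication_failure":
            failures[ip] += 1
            if failures[ip] == FAILURE_THRESHOLD:
                alerts.append(f"brute-force: {FAILURE_THRESHOLD} admin failures from {ip}")
        elif event == "authentication_success":
            if ip not in TRUSTED_ADMIN_SOURCES:
                alerts.append(f"admin login from unexpected source {ip} at {rec['ts']}")
            if failures[ip] >= FAILURE_THRESHOLD:
                alerts.append(
                    f"admin login from {ip} after {failures[ip]} failures "
                    "(possible guessed default credentials)"
                )
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print("ALERT:", alert)
```

On the sample, the run of failures from 203.0.113.7 followed by a success produces three alerts, while the admin login from the allow-listed 10.0.0.9 produces none; in production, a success on the first attempt from an untrusted source is the more likely signature of this CVE, since default credentials need no guessing.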