{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2635", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "state": "PUBLISHED", "assignerShortName": "zdi", "dateReserved": "2026-02-17T18:43:46.629Z", "datePublished": "2026-02-20T22:25:03.494Z", "dateUpdated": "2026-02-27T04:55:48.854Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2026-02-20T22:25:03.494Z"}, "title": "MLflow Use of Default Password Authentication Bypass Vulnerability", "descriptions": [{"lang": "en", "value": "MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the basic_auth.ini file. The file contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of the administrator. Was ZDI-CAN-28256."}], "affected": [{"vendor": "MLflow", "product": "MLflow", "versions": [{"version": "3.4.0", "status": "affected"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1393", "description": "CWE-1393: Use of Default Password", "type": "CWE"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-111/", "name": "ZDI-26-111", "tags": ["x_research-advisory"]}, {"url": "https://github.com/mlflow/mlflow/pull/19260", "name": "vendor-provided URL", "tags": ["vendor-advisory"]}], "dateAssigned": "2026-02-17T18:43:46.678Z", "datePublic": "2026-02-19T14:15:20.254Z", "source": {"lang": "en", "value": "Peter Girnus (@gothburz) of Trend Zero Day Initiative"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-2635"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T04:55:48.854Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2635", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-24T15:17:25.324977Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T15:17:34.505Z"}}], "cna": {"title": "MLflow Use of Default Password Authentication Bypass Vulnerability", "source": {"lang": "en", "value": "Peter Girnus (@gothburz) of Trend Zero Day Initiative"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "MLflow", "product": "MLflow", "versions": [{"status": "affected", "version": "3.4.0"}], "defaultStatus": "unknown"}], "datePublic": "2026-02-19T14:15:20.254Z", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-111/", "name": "ZDI-26-111", "tags": ["x_research-advisory"]}, {"url": "https://github.com/mlflow/mlflow/pull/19260", "name": "vendor-provided URL", "tags": ["vendor-advisory"]}], "dateAssigned": "2026-02-17T18:43:46.678Z", "descriptions": [{"lang": "en", "value": "MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the basic_auth.ini file. The file contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of the administrator. Was ZDI-CAN-28256."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1393", "description": "CWE-1393: Use of Default Password"}]}], "providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2026-02-20T22:25:03.494Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2635", "state": "PUBLISHED", "dateUpdated": "2026-02-27T04:55:48.854Z", "dateReserved": "2026-02-17T18:43:46.629Z", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "datePublished": "2026-02-20T22:25:03.494Z", "assignerShortName": "zdi"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the basic_auth.ini file. The file contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of the administrator. Was ZDI-CAN-28256."}, {"lang": "es", "value": "Vulnerabilidad de Omisi\u00f3n de Autenticaci\u00f3n por Uso de Contrase\u00f1a Predeterminada en MLflow. Esta vulnerabilidad permite a atacantes remotos omitir la autenticaci\u00f3n en instalaciones afectadas de MLflow. No es necesario autenticase para explotar esta vulnerabilidad.\n\nLa falla espec\u00edfica existe en el archivo basic_auth.ini. El archivo contiene credenciales predeterminadas almacenadas en el c\u00f3digo. Un atacante puede aprovechar esta vulnerabilidad para omitir la autenticaci\u00f3n y ejecutar c\u00f3digo arbitrario en el contexto del administrador. Fue ZDI-CAN-28256."}], "id": "CVE-2026-2635", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}, "published": "2026-02-20T23:16:05.577", "references": [{"source": "zdi-disclosures@trendmicro.com", "url": "https://github.com/mlflow/mlflow/pull/19260"}, {"source": "zdi-disclosures@trendmicro.com", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-111/"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1393"}], "source": "zdi-disclosures@trendmicro.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "3.4.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "MLflow", "source": "cna", "vendor": "MLflow"}, "product": "mlflow", "vendor": "mlflow"}], "analysis": {"en": {"generated_at": "2026-04-17T17:01:33.290091+00:00", "value": {"mitigation_remediation": ["Upgrade MLflow to the latest release that incorporates the fix from pull request\u202f19260.", "If an immediate upgrade is not possible, delete or disable the basic_auth.ini file and enable a secure authentication plugin, ensuring that the installation does not contain hard\u2011coded credentials.", "Configure file system permissions so that only privileged users can read configuration files and enforce a strong, unique administrator password."], "summary": {"action": "Immediate Patch", "impact": "Authentication Bypass / Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is MLflow (MLflow:MLflow). No specific version information is listed in the CNA data, but the issue was addressed in a pull request (PR\u202f19260) on GitHub and reported by the ZeroDay Initiative.", "description_and_impact": "The flaw resides in MLflow\u2019s basic_auth.ini file where hard\u2011coded default credentials allow any user to authenticate as an administrator. Because no authentication is required to exploit the vulnerability, an attacker can log in immediately and execute arbitrary code with administrative privileges. The weakness is categorized as CWE-1393, reflecting the use of insecure, hard\u2011coded passwords in configuration files.", "risk_and_exploitability": "With a CVSS score of 9.8 the vulnerability is considered critical. The EPSS score of 1% indicates low current exploitation probability, yet the absence of authentication requirements makes exploitation trivially simple once a network path is available. The vulnerability is not listed in the CISA KEV catalog, but the potential for complete system compromise warrants immediate attention. Attackers can target any MLflow deployment exposed to the network without needing prior access to credentials or privileged accounts."}}}}, "created": "2026-02-23T14:33:37.409452+00:00", "updated": "2026-04-17T17:15:23.711696+00:00", "vendors": ["mlflow", "mlflow$PRODUCT$mlflow"]}