CVE-2026-2033

MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of artifact file paths. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26649.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/mlflow/mlflow/pull/19260
https://www.zerodayinitiative.com/advisories/ZDI-26-105/

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de ejecución remota de código por salto de directorio en el gestor de artefactos de MLflow Tracking Server. Esta vulnerabilidad permite a atacantes remotos ejecutar código arbitrario en instalaciones afectadas de MLflow Tracking Server. No es necesaria la autenticación para explotar esta vulnerabilidad. La falla reside en el manejo de las rutas de archivos de artefactos. El problema se debe a la falta de validación adecuada de una ruta proporcionada por el usuario antes de usarla en operaciones de archivo. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto de la cuenta de servicio. Fue ZDI-CAN-26649.

20 Feb 2026, 23:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-20 23:16

Updated : 2026-06-17 10:30

NVD link : CVE-2026-2033

Mitre link : CVE-2026-2033

CVE.ORG link : CVE-2026-2033

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2026-2033", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-2033", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2026-02-25T04:55:54.624367Z"}}], "cvssMetricV30": [{"type": "Secondary", "source": "zdi-disclosures@trendmicro.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "affected": [{"source": "zdi-disclosures@trendmicro.com", "affectedData": [{"vendor": "MLflow", "product": "MLflow", "versions": [{"status": "affected", "version": "3.1.1 and 5b9c01925c2e2a8cf0951f155a6a468ff99cfe0f"}], "defaultStatus": "unknown"}]}], "published": "2026-02-20T23:16:03.093", "references": [{"url": "https://github.com/mlflow/mlflow/pull/19260", "source": "zdi-disclosures@trendmicro.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-105/", "source": "zdi-disclosures@trendmicro.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "zdi-disclosures@trendmicro.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of artifact file paths. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26649."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por salto de directorio en el gestor de artefactos de MLflow Tracking Server. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de MLflow Tracking Server. No es necesaria la autenticaci\u00f3n para explotar esta vulnerabilidad.\n\nLa falla reside en el manejo de las rutas de archivos de artefactos. El problema se debe a la falta de validaci\u00f3n adecuada de una ruta proporcionada por el usuario antes de usarla en operaciones de archivo. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de la cuenta de servicio. Fue ZDI-CAN-26649."}], "lastModified": "2026-06-17T10:30:10.307", "sourceIdentifier": "zdi-disclosures@trendmicro.com"}