CVE-2026-0596

HIGH EPSS 67.5%

Published Mar 31, 20263mo ago · Modified Jun 17, 20261w ago

7.8 CVSS 3.1

High

Published Mar 31, 2026 3mo ago

Last Modified Jun 17, 2026 1w ago

Description

A command injection vulnerability exists in mlflow/mlflow when serving a model with `enable_mlserver=True`. The `model_uri` is embedded directly into a shell command executed via `bash -c` without proper sanitization. If the `model_uri` contains shell metacharacters, such as `$()` or backticks, it allows for command substitution and execution of attacker-controlled commands. This vulnerability affects the latest version of mlflow/mlflow and can lead to privilege escalation if a higher-privileged service serves models from a directory writable by lower-privileged users.

CVSS Details

Base Score

7.8

Exploitability

1.8

Impact

5.9

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

67.5% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 1

CWE-78 OS Command Injection Injection

Affected Products 1

Vendor	Product	Version	Range
lfprojects	mlflow	*	any

References 1

huntr.com https://huntr.com/bounties/2e905add-f9f5-4309-a3db-b17de5981285

ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.