CVE-2026-2393

NONE EPSS 20.5%
Published May 11, 20261mo ago · Modified Jun 17, 20261w ago
Find Similar
Published May 11, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

A Server-Side Request Forgery (SSRF) vulnerability exists in MLflow versions prior to 3.9.0. The `_create_webhook()` function in `mlflow/server/handlers.py` accepts a user-controlled `url` parameter without validation, and the `_send_webhook_request()` function in `mlflow/webhooks/delivery.py` sends HTTP POST requests to this attacker-controlled URL. This allows an authenticated attacker to force the MLflow backend to send HTTP requests to internal services, cloud metadata endpoints, or arbitrary external servers. The lack of input sanitization, URL scheme filtering, or allowlist validation on the webhook URL enables exploitation, potentially leading to cloud credential theft, internal network access, and data exfiltration.

Threat Intelligence

EPSS Exploit Probability
20.5% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-918 Server-Side Request Forgery (SSRF) Validation

Affected Products 1

VendorProductVersionRange
lfprojectsmlflow* <3.9.0

References 2

  • github.com https://github.com/mlflow/mlflow/commit/64aa0ab7207f9c649b59ba1a5f40d82196817389
    Patch
  • huntr.com https://huntr.com/bounties/04ef100d-06b5-4a70-95b1-b7be23aa8150
    ExploitThird Party Advisory

Remediation

  • github.com https://github.com/mlflow/mlflow/commit/64aa0ab7207f9c649b59ba1a5f40d82196817389
    Patch