Bug 2455899 (CVE-2026-33865)

Summary: CVE-2026-33865 MLflow: MLflow: Stored Cross-Site Scripting (XSS) via unsafe parsing of MLmodel artifacts
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: jkoehler, lphiri
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in MLflow, a platform for managing the machine learning lifecycle. This Stored Cross-Site Scripting (XSS) vulnerability, a type of injection where malicious scripts are injected into trusted websites, is caused by the unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can exploit this by uploading a malicious MLmodel file containing a payload. When another user views this artifact in the user interface, the payload executes, potentially leading to session hijacking or unauthorized operations on behalf of the victim.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-04-07 13:01:31 UTC
MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can upload a malicious MLmodel file containing a payload that executes when another user views the artifact in the UI. This allows actions such as session hijacking or performing operations on behalf of the victim. 

This issue affects MLflow version through 3.10.1