Bug 2469196 (CVE-2026-2393) - CVE-2026-2393 mlflow: MLflow: Server-Side Request Forgery (SSRF) allows internal network access and data exfiltration.
Summary: CVE-2026-2393 mlflow: MLflow: Server-Side Request Forgery (SSRF) allows inter...
Keywords:
Status: NEW
Alias: CVE-2026-2393
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-05-11 18:03 UTC by OSIDB Bzimport
Modified: 2026-07-08 07:14 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-05-11 18:03:02 UTC
A Server-Side Request Forgery (SSRF) vulnerability exists in MLflow versions prior to 3.9.0. The `_create_webhook()` function in `mlflow/server/handlers.py` accepts a user-controlled `url` parameter without validation, and the `_send_webhook_request()` function in `mlflow/webhooks/delivery.py` sends HTTP POST requests to this attacker-controlled URL. This allows an authenticated attacker to force the MLflow backend to send HTTP requests to internal services, cloud metadata endpoints, or arbitrary external servers. The lack of input sanitization, URL scheme filtering, or allowlist validation on the webhook URL enables exploitation, potentially leading to cloud credential theft, internal network access, and data exfiltration.


Note You need to log in before you can comment on or make changes to this bug.