Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsStudyTraining
ProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Study
Training
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1327+ Articles
158+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
5 articles

#MLflow

All CosmicBytez Labs articles tagged #MLflow, across news, security advisories, how-to guides, and projects.

  • SecurityJun 3, 2026

    CVE-2026-4035: MLflow AI Gateway Credential Exfiltration via Env Variable Resolution

    A CVSS 9.1 critical flaw in MLflow AI Gateway allows server-side environment variables in api_key fields to be resolved and exfiltrated to attacker-controlled endpoints in versions prior to 3.11.0.

  • SecurityMay 20, 2026

    CVE-2026-2611: MLflow 3.9.0 Improper Origin Validation

    A critical CVSS 9.6 vulnerability in MLflow 3.9.0 allows a remote attacker to exploit improper origin validation in the MLflow Assistant's /ajax-api...

  • SecurityApr 1, 2026

    CVE-2026-0596: MLflow Command Injection via Unsanitized

    A critical command injection vulnerability in mlflow/mlflow allows attackers to execute arbitrary shell commands by embedding metacharacters in the...

  • SecurityMar 30, 2026

    CVE-2025-15036: MLflow Path Traversal in Archive Extraction

    A critical path traversal vulnerability in MLflow's extract_archive_to_dir function allows attackers to write arbitrary files outside the intended...

  • SecurityMar 30, 2026

    CVE-2025-15379: MLflow Command Injection in Model Serving

    A maximum-severity command injection vulnerability in MLflow's model serving container initialization allows attackers to execute arbitrary OS commands...