{"api_version":"1","generated_at":"2026-06-03T19:47:10+00:00","cve":"CVE-2026-3198","urls":{"html":"https://cve.report/CVE-2026-3198","api":"https://cve.report/api/cve/CVE-2026-3198.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-3198","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-3198"},"summary":{"title":"Improper Access Control in mlflow/mlflow","description":"MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the `BEFORE_REQUEST_HANDLERS` dictionary in `mlflow/server/auth/__init__.py` does not include entries for `ListGatewaySecretInfos`, `ListGatewayEndpoints`, and `ListGatewayModelDefinitions`. This allows any authenticated user, regardless of their assigned permissions, to enumerate all gateway secrets, endpoints, and model definitions. This vulnerability exposes sensitive information, such as API keys, endpoint configurations, and proprietary model definitions, to unauthorized users.","state":"PUBLISHED","assigner":"@huntr_ai","published_at":"2026-06-02 04:17:03","updated_at":"2026-06-03 17:07:05"},"problem_types":["CWE-284","CWE-284 CWE-284 Improper Access Control"],"metrics":[{"version":"3.0","source":"security@huntr.dev","type":"Secondary","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.0","source":"CNA","type":"DECLARED","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.0"}}],"references":[{"url":"https://huntr.com/bounties/e57db731-97d3-40c3-a429-831ee959807f","name":"https://huntr.com/bounties/e57db731-97d3-40c3-a429-831ee959807f","refsource":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-3198","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3198","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"mlflow","product":"mlflow/mlflow","version":"affected unspecified latest custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2026","cve_id":"3198","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lfprojects","cpe5":"mlflow","cpe6":"3.9.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"3198","cve":"CVE-2026-3198","epss":"0.000250000","percentile":"0.074900000","score_date":"2026-06-02","updated_at":"2026-06-03 00:08:15"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-3198","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-06-02T13:32:18.258552Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-02T13:32:42.643Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"references":[{"tags":["exploit"],"url":"https://huntr.com/bounties/e57db731-97d3-40c3-a429-831ee959807f"}],"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"mlflow/mlflow","vendor":"mlflow","versions":[{"lessThanOrEqual":"latest","status":"affected","version":"unspecified","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the `BEFORE_REQUEST_HANDLERS` dictionary in `mlflow/server/auth/__init__.py` does not include entries for `ListGatewaySecretInfos`, `ListGatewayEndpoints`, and `ListGatewayModelDefinitions`. This allows any authenticated user, regardless of their assigned permissions, to enumerate all gateway secrets, endpoints, and model definitions. This vulnerability exposes sensitive information, such as API keys, endpoint configurations, and proprietary model definitions, to unauthorized users."}],"metrics":[{"cvssV3_0":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-284","description":"CWE-284 Improper Access Control","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-02T02:50:47.890Z","orgId":"c09c270a-b464-47c1-9133-acb35b22c19a","shortName":"@huntr_ai"},"references":[{"url":"https://huntr.com/bounties/e57db731-97d3-40c3-a429-831ee959807f"}],"source":{"advisory":"e57db731-97d3-40c3-a429-831ee959807f","discovery":"EXTERNAL"},"title":"Improper Access Control in mlflow/mlflow"}},"cveMetadata":{"assignerOrgId":"c09c270a-b464-47c1-9133-acb35b22c19a","assignerShortName":"@huntr_ai","cveId":"CVE-2026-3198","datePublished":"2026-06-02T02:50:47.890Z","dateReserved":"2026-02-25T12:41:24.059Z","dateUpdated":"2026-06-02T13:32:42.643Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-02 04:17:03","lastModifiedDate":"2026-06-03 17:07:05","problem_types":["CWE-284","CWE-284 CWE-284 Improper Access Control"],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lfprojects:mlflow:3.9.0:-:*:*:*:*:*:*","matchCriteriaId":"454B4D36-BE89-42E7-A901-19B4DD7F4AC5"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"3198","Ordinal":"1","Title":"Improper Access Control in mlflow/mlflow","CVE":"CVE-2026-3198","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"3198","Ordinal":"1","NoteData":"MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the `BEFORE_REQUEST_HANDLERS` dictionary in `mlflow/server/auth/__init__.py` does not include entries for `ListGatewaySecretInfos`, `ListGatewayEndpoints`, and `ListGatewayModelDefinitions`. This allows any authenticated user, regardless of their assigned permissions, to enumerate all gateway secrets, endpoints, and model definitions. This vulnerability exposes sensitive information, such as API keys, endpoint configurations, and proprietary model definitions, to unauthorized users.","Type":"Description","Title":"Improper Access Control in mlflow/mlflow"}]}}}