Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-0968

NIXPKGS-2026-0968

GitHub issue published on

Permalink CVE-2026-33866

updated 3 weeks, 5 days ago by @LeSuisse Activity log

Created suggestion 3 weeks, 5 days ago
@LeSuisse ignored
4 packages
- python312Packages.sagemaker-mlflow
- python313Packages.sagemaker-mlflow
- python314Packages.sagemaker-mlflow
- pkgsRocm.python3Packages.sagemaker-mlflow
3 weeks, 5 days ago
@LeSuisse accepted 3 weeks, 5 days ago
@LeSuisse published on GitHub 3 weeks, 5 days ago

Authorization Bypass in MLflow AJAX Endpoint

MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to access. This issue affects MLflow version through 3.10.1

References

https://github.com/mlflow/mlflow/pull/21708 patch
https://cert.pl/en/posts/2026/04/CVE-2026-33865/ third-party-advisory

Affected products

mlflow

=<3.10.1

Matching in nixpkgs

pkgs.mlflow-server

Open source platform for the machine learning lifecycle

nixos-unstable 3.8.1
- nixpkgs-unstable 3.8.1
- nixos-unstable-small 3.8.1
nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

pkgs.pkgsRocm.mlflow-server

Open source platform for the machine learning lifecycle

nixos-unstable 3.8.1
- nixpkgs-unstable 3.8.1
- nixos-unstable-small 3.8.1
nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

pkgs.python312Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

pkgs.python313Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable 3.8.1
- nixpkgs-unstable 3.8.1
- nixos-unstable-small 3.8.1
nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

pkgs.python314Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable 3.8.1
- nixpkgs-unstable 3.8.1
- nixos-unstable-small 3.8.1

pkgs.pkgsRocm.python3Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable 3.8.1
- nixpkgs-unstable 3.8.1
- nixos-unstable-small 3.8.1
nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

Ignored packages (4)

pkgs.python312Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.python313Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0
nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.python314Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0

pkgs.pkgsRocm.python3Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0
nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

Package maintainers

@tbenst Tyler Benster <nix@tylerbenster.com>