Nixpkgs Security Tracker

Published

Permalink CVE-2026-2635

updated 3 weeks, 4 days ago by @LeSuisse Activity log

Created automatic suggestion 1 month ago
@LeSuisse removed
4 packages
- pkgsRocm.python3Packages.sagemaker-mlflow
- python314Packages.sagemaker-mlflow
- python313Packages.sagemaker-mlflow
- python312Packages.sagemaker-mlflow
3 weeks, 4 days ago
@LeSuisse accepted 3 weeks, 4 days ago
@LeSuisse published on GitHub 3 weeks, 4 days ago

MLflow Use of Default Password Authentication Bypass Vulnerability

MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the basic_auth.ini file. The file contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of the administrator. Was ZDI-CAN-28256.

References

ZDI-26-111 x_research-advisory
vendor-provided URL vendor-advisory

Affected products

MLflow

==3.4.0

Matching in nixpkgs

pkgs.mlflow-server

Open source platform for the machine learning lifecycle

nixos-unstable 3.3.1
- nixpkgs-unstable 3.3.1
- nixos-unstable-small 3.3.1
nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

pkgs.pkgsRocm.mlflow-server

Open source platform for the machine learning lifecycle

nixos-unstable 3.3.1
- nixpkgs-unstable 3.3.1
- nixos-unstable-small 3.3.1
nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

pkgs.python312Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

pkgs.python313Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable 3.3.1
- nixpkgs-unstable 3.3.1
- nixos-unstable-small 3.3.1
nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

pkgs.python314Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable 3.3.1
- nixpkgs-unstable 3.3.1
- nixos-unstable-small 3.3.1

pkgs.pkgsRocm.python3Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable 3.3.1
- nixpkgs-unstable 3.3.1
- nixos-unstable-small 3.3.1
nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

Ignored packages (4)

pkgs.python312Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.python313Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0
nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.python314Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0

pkgs.pkgsRocm.python3Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0
nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

Package maintainers

@tbenst Tyler Benster <nix@tylerbenster.com>

Upstream PR: https://github.com/mlflow/mlflow/pull/19260
ZDI advisory: https://www.zerodayinitiative.com/advisories/ZDI-26-111/

Untriaged

Permalink CVE-2026-2033

created 1 month ago

MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability

MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of artifact file paths. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26649.

References

ZDI-26-105 x_research-advisory
vendor-provided URL vendor-advisory

Affected products

MLflow

==3.1.1 and 5b9c01925c2e2a8cf0951f155a6a468ff99cfe0f

Matching in nixpkgs

pkgs.mlflow-server

Open source platform for the machine learning lifecycle

nixos-unstable 3.3.1
- nixpkgs-unstable 3.3.1
- nixos-unstable-small 3.3.1
nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

pkgs.pkgsRocm.mlflow-server

Open source platform for the machine learning lifecycle

nixos-unstable 3.3.1
- nixpkgs-unstable 3.3.1
- nixos-unstable-small 3.3.1
nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

pkgs.python312Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

pkgs.python313Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable 3.3.1
- nixpkgs-unstable 3.3.1
- nixos-unstable-small 3.3.1
nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

pkgs.python314Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable 3.3.1
- nixpkgs-unstable 3.3.1
- nixos-unstable-small 3.3.1

pkgs.pkgsRocm.python3Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable 3.3.1
- nixpkgs-unstable 3.3.1
- nixos-unstable-small 3.3.1
nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

pkgs.python312Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.python313Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0
nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.python314Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0

pkgs.pkgsRocm.python3Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0
nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

Package maintainers

@tbenst Tyler Benster <nix@tylerbenster.com>
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>

Untriaged

Permalink CVE-2024-27134

7.0 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf

Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the spark_udf() MLflow API is called.

References

https://github.com/mlflow/mlflow/pull/10874 patch

Affected products

mlflow

<2.16.0

Matching in nixpkgs

pkgs.mlflow-server

Open source platform for the machine learning lifecycle

nixos-unstable -
- nixpkgs-unstable 3.3.1

pkgs.python312Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable -
- nixpkgs-unstable 3.3.1

pkgs.python313Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable -
- nixpkgs-unstable 3.3.1

pkgs.python312Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable -
- nixpkgs-unstable 0.1.1

pkgs.python313Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable -
- nixpkgs-unstable 0.1.1

Package maintainers

@tbenst Tyler Benster <nix@tylerbenster.com>
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>

Untriaged

Permalink CVE-2024-37058

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Deserialization of untrusted data can occur in versions of the …

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on an end user’s system when interacted with.

References

Affected products

mlflow

=<*
==2.5.0

Matching in nixpkgs

pkgs.mlflow-server

Open source platform for the machine learning lifecycle

nixos-unstable -
- nixpkgs-unstable 3.3.1

pkgs.python312Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable -
- nixpkgs-unstable 3.3.1

pkgs.python313Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable -
- nixpkgs-unstable 3.3.1

pkgs.python312Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable -
- nixpkgs-unstable 0.1.1

pkgs.python313Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable -
- nixpkgs-unstable 0.1.1

Package maintainers

@tbenst Tyler Benster <nix@tylerbenster.com>
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>

Untriaged

Permalink CVE-2024-37061

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Remote Code Execution can occur in versions of the MLflow …

Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run.

References

Affected products

mlflow

=<*

Matching in nixpkgs

pkgs.mlflow-server

Open source platform for the machine learning lifecycle

nixos-unstable -
- nixpkgs-unstable 3.3.1

pkgs.python312Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable -
- nixpkgs-unstable 3.3.1

pkgs.python313Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable -
- nixpkgs-unstable 3.3.1

pkgs.python312Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable -
- nixpkgs-unstable 0.1.1

pkgs.python313Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable -
- nixpkgs-unstable 0.1.1

Package maintainers

@tbenst Tyler Benster <nix@tylerbenster.com>
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>

Untriaged

Permalink CVE-2024-37053

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Deserialization of untrusted data can occur in versions of the …

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with.

References

Affected products

mlflow

=<*

Matching in nixpkgs

pkgs.mlflow-server

Open source platform for the machine learning lifecycle

nixos-unstable -
- nixpkgs-unstable 3.3.1

pkgs.python312Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable -
- nixpkgs-unstable 3.3.1

pkgs.python313Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable -
- nixpkgs-unstable 3.3.1

pkgs.python312Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable -
- nixpkgs-unstable 0.1.1

pkgs.python313Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable -
- nixpkgs-unstable 0.1.1

Package maintainers

@tbenst Tyler Benster <nix@tylerbenster.com>
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>

Untriaged

Permalink CVE-2024-37052

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Deserialization of untrusted data can occur in versions of the …

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with.

References

Affected products

mlflow

=<*
==1.1.0

Matching in nixpkgs

pkgs.mlflow-server

Open source platform for the machine learning lifecycle

nixos-unstable -
- nixpkgs-unstable 3.3.1

pkgs.python312Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable -
- nixpkgs-unstable 3.3.1

pkgs.python313Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable -
- nixpkgs-unstable 3.3.1

pkgs.python312Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable -
- nixpkgs-unstable 0.1.1

pkgs.python313Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable -
- nixpkgs-unstable 0.1.1

Package maintainers

@tbenst Tyler Benster <nix@tylerbenster.com>
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>

Untriaged

Permalink CVE-2024-37060

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Deserialization of untrusted data can occur in versions of the …

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run.

References

Affected products

mlflow

=<*

Matching in nixpkgs

pkgs.mlflow-server

Open source platform for the machine learning lifecycle

nixos-unstable -
- nixpkgs-unstable 3.3.1

pkgs.python312Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable -
- nixpkgs-unstable 3.3.1

pkgs.python313Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable -
- nixpkgs-unstable 3.3.1

pkgs.python312Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable -
- nixpkgs-unstable 0.1.1

pkgs.python313Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable -
- nixpkgs-unstable 0.1.1

Package maintainers

@tbenst Tyler Benster <nix@tylerbenster.com>
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>

Untriaged

Permalink CVE-2024-37055

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Deserialization of untrusted data can occur in versions of the …

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with.

References

Affected products

mlflow

=<*

Matching in nixpkgs

pkgs.mlflow-server

Open source platform for the machine learning lifecycle

nixos-unstable -
- nixpkgs-unstable 3.3.1

pkgs.python312Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable -
- nixpkgs-unstable 3.3.1

pkgs.python313Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable -
- nixpkgs-unstable 3.3.1

pkgs.python312Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable -
- nixpkgs-unstable 0.1.1

pkgs.python313Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable -
- nixpkgs-unstable 0.1.1

Package maintainers

@tbenst Tyler Benster <nix@tylerbenster.com>
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>

Untriaged

Permalink CVE-2024-37056

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Deserialization of untrusted data can occur in versions of the …

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with.

References

Affected products

mlflow

=<*
*

Matching in nixpkgs

pkgs.mlflow-server

Open source platform for the machine learning lifecycle

nixos-unstable -
- nixpkgs-unstable 3.3.1

pkgs.python312Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable -
- nixpkgs-unstable 3.3.1

pkgs.python313Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable -
- nixpkgs-unstable 3.3.1

pkgs.python312Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable -
- nixpkgs-unstable 0.1.1

pkgs.python313Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable -
- nixpkgs-unstable 0.1.1

Package maintainers

@tbenst Tyler Benster <nix@tylerbenster.com>
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.mlflow-server

pkgs.pkgsRocm.mlflow-server

pkgs.python312Packages.mlflow

pkgs.python313Packages.mlflow

pkgs.python314Packages.mlflow

pkgs.pkgsRocm.python3Packages.mlflow

pkgs.python312Packages.sagemaker-mlflow

pkgs.python313Packages.sagemaker-mlflow

pkgs.python314Packages.sagemaker-mlflow

pkgs.pkgsRocm.python3Packages.sagemaker-mlflow

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.mlflow-server

pkgs.pkgsRocm.mlflow-server

pkgs.python312Packages.mlflow

pkgs.python313Packages.mlflow

pkgs.python314Packages.mlflow

pkgs.pkgsRocm.python3Packages.mlflow

pkgs.python312Packages.sagemaker-mlflow

pkgs.python313Packages.sagemaker-mlflow

pkgs.python314Packages.sagemaker-mlflow

pkgs.pkgsRocm.python3Packages.sagemaker-mlflow

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.mlflow-server

pkgs.python312Packages.mlflow

pkgs.python313Packages.mlflow

pkgs.python312Packages.sagemaker-mlflow

pkgs.python313Packages.sagemaker-mlflow

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.mlflow-server

pkgs.python312Packages.mlflow

pkgs.python313Packages.mlflow

pkgs.python312Packages.sagemaker-mlflow

pkgs.python313Packages.sagemaker-mlflow

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.mlflow-server

pkgs.python312Packages.mlflow

pkgs.python313Packages.mlflow

pkgs.python312Packages.sagemaker-mlflow

pkgs.python313Packages.sagemaker-mlflow

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.mlflow-server

pkgs.python312Packages.mlflow

pkgs.python313Packages.mlflow

pkgs.python312Packages.sagemaker-mlflow

pkgs.python313Packages.sagemaker-mlflow

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.mlflow-server

pkgs.python312Packages.mlflow

pkgs.python313Packages.mlflow

pkgs.python312Packages.sagemaker-mlflow

pkgs.python313Packages.sagemaker-mlflow

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.mlflow-server

pkgs.python312Packages.mlflow

pkgs.python313Packages.mlflow