Description
In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. By bypassing the loopback-only restriction, the attacker can modify the Assistant's configuration to enable full access, which in turn allows the execution of arbitrary commands via the Claude Code sub-agent. This issue is resolved in version 3.10.0.
Problem types
CWE-346 Origin Validation Error
Product status
References
huntr.com/bounties/8462addd-b464-4a84-b6a2-5529604e6e5a
access.redhat.com/security/cve/CVE-2026-2611
bugzilla.redhat.com/show_bug.cgi?id=2479797 (RHBZ#2479797)
security.access.redhat.com/...v2/vex/2026/cve-2026-2611.json
huntr.com/bounties/8462addd-b464-4a84-b6a2-5529604e6e5a
github.com/...ommit/8f9c8a53af90842944101eb8b7d60706822c81bc