CVE-2026-4137 – Incomplete Fix for CVE-2025-10279: Insecure Temporary Directory Permissions in mlflow/mlflow

CVE ID :CVE-2026-4137

Published : May 18, 2026, 8:26 p.m. | 31 minutes ago

Description :In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` creates temporary directories with world-writable permissions (0o777), and the `_create_model_downloading_tmp_dir()` function in `mlflow/pyfunc/__init__.py` creates directories with group-writable permissions (0o770). These insecure permissions allow local attackers to tamper with model artifacts, such as cloudpickle-serialized Python objects, and achieve arbitrary code execution when the tampered artifacts are deserialized via `cloudpickle.load()`. This vulnerability is particularly critical in environments with shared NFS mounts, such as Databricks, where NFS is enabled by default. The issue is a continuation of the vulnerability class addressed in CVE-2025-10279, which was only partially fixed.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-25244 – WebdriverIO has Command Injection in the BrowserStack Service

CVE-2026-22810 – Joplin: Path traversal in OneNote importer allows overwriting arbitrary files

CVE-2026-47092 – Claude HUD 0.0.12 Arbitrary Command Execution via COMSPEC Environment Variable

CVE-2026-47091 – Claude HUD 0.0.12 Path Traversal via transcript_path