CVE advisoryCRITICAL
CVE-2026-2651
MLflow Artifact Uploads Allow Unauthorized Cross-User Writes
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A vulnerability in MLflow allows unauthorized users to overwrite artifacts when artifact serving is enabled, potentially leading to model supply chain poisoning and arbitrary code execution. The authorization logic lacks resource-level permission checks for certain endpoints, enabling cross-user writes.