This path traversal vulnerability impacts MLflow's artifact cache extraction functionality. The issue occurs because the library fails to validate tar member paths during extraction of user-supplied tar.gz artifacts. Attackers who control the input tar file can exploit this flaw to overwrite arbitrary files, escape sandbox restrictions, and gain elevated privileges on shared or multi-tenant clusters. The vulnerability is fixed in MLflow version 3.7.0 and newer.
Remediation
Upgrade MLflow to version 3.7.0 or later to patch this vulnerability. Implement least-privilege file permissions for MLflow processes to limit the impact of exploitation until upgrades are completed. Audit shared multi-tenant MLflow clusters for unauthorized file changes after applying the patch.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.