This pre-authenticated command injection vulnerability exists in MLflow's model serving initialization code. When deploying a model with the LOCAL environment manager, MLflow interpolates unsanitized user-controlled dependency specifications directly into a system shell command. Attackers can supply a malicious model artifact to achieve arbitrary remote command execution on the affected deployment. The flaw is officially patched in MLflow version 3.8.2.
Remediation
Upgrade MLflow to version 3.8.2 or later immediately to resolve this vulnerability. Disable use of the LOCAL env manager for deployments that accept untrusted model artifacts until the upgrade is complete. Scan existing MLflow deployments for indicators of unauthorized activity to rule out prior exploitation.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.