SCA: security update for mlflow (GHSA-w5xq-c4pf-ghq7)

medium Tenable Self-Hosted Container Security Plugin ID 443128

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST API endpoint and the
`mlflowSearchModelVersions` GraphQL query lack proper per-model authorization checks when basic
authentication is enabled. This allows any authenticated user to enumerate all model versions across all
registered models, regardless of their permission level. The issue arises due to the absence of
`SearchModelVersions` in the `BEFORE_REQUEST_VALIDATORS` and `AFTER_REQUEST_HANDLERS` for the REST API,
and its omission from `GraphQLAuthorizationMiddleware.PROTECTED_FIELDS` for GraphQL. This vulnerability
can expose sensitive information such as model names, version descriptions, source URIs, tags, and other
metadata, potentially revealing proprietary or confidential details in multi-tenant environments. The
issue is resolved in version 3.10.0. (CVE-2026-2734)

Solution

Update the mlflow library and its related packages to version 3.10.0 or later.

See Also

https://github.com/advisories/GHSA-w5xq-c4pf-ghq7

Plugin Details

Severity: Medium

ID: 443128

Version: Revision 1.2

Type: Local

Family: SCA Checks

Published: 6/12/2026

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.73

Vendor

Vendor Severity: Medium

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

CVSS Score Source: CVE-2026-2734

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/21/2026

Vulnerability Publication Date: 5/21/2026

Reference Information

CVE: CVE-2026-2734

cwe: CWE-284