CYBERHAWK / CVE / CVE-2026-4035

CVE-2026-4035

MLflow

HIGH CVSS 7.7 ai

The flaw

Environment variable resolution in AI Gateway secrets allows exfiltration of server-side credentials to attacker-controlled endpoint.

What to do

Update to MLflow version 3.11.0 or later

▸ Scan my repo for CVE-2026-4035

References

NVD CISA KEV OSV GitHub Advisory MITRE News search
First seen 2026-06-05 · Tracked by PickBits CyberHawk · Weekly CVE digest
← All CVEs RSS Scheduled audits