[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-4035":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-03T20:53:27.442Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":55,"aliases":56,"duplicate_of":9,"upstream":57,"downstream":58,"duplicates":59,"related":60,"reserved_at":9,"published_at":61,"modified_at":62,"state":63,"summary":64,"references_raw":73,"kevs":83,"epss":84,"epss_history":87,"metrics":89,"affected":97},"CVE-2026-4035","A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the `api_key` field in gateway secrets can accept `$ENV_VAR` references, which are resolved against the MLflow server's environment during runtime. The resolved secrets are then sent in provider authentication headers to the configured upstream `api_base`. This vulnerability can be exploited by low-privileged authenticated users in basic-auth deployments or by unauthenticated users in default deployments without `basic-auth`. The impact includes potential leakage of sensitive credentials such as cloud artifact credentials (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`), which could lead to artifact poisoning and cross-boundary code execution in downstream environments. The issue is fixed in version 3.11.0.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-201","Insertion of Sensitive Information Into Sent Data","The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.","weakness","Draft","Base",[19,23,27,31,35,39,43,47,51],{"id":20,"name":21,"techniques":22},"CAPEC-12","Choosing Message Identifier",[],{"id":24,"name":25,"techniques":26},"CAPEC-217","Exploiting Incorrectly Configured SSL/TLS",[],{"id":28,"name":29,"techniques":30},"CAPEC-612","WiFi MAC Address Tracking",[],{"id":32,"name":33,"techniques":34},"CAPEC-613","WiFi SSID Tracking",[],{"id":36,"name":37,"techniques":38},"CAPEC-618","Cellular Broadcast Message Request",[],{"id":40,"name":41,"techniques":42},"CAPEC-619","Signal Strength Tracking",[],{"id":44,"name":45,"techniques":46},"CAPEC-621","Analysis of Packet Timing and Sizes",[],{"id":48,"name":49,"techniques":50},"CAPEC-622","Electromagnetic Side-Channel Attack",[],{"id":52,"name":53,"techniques":54},"CAPEC-623","Compromising Emanations Attack",[],[],[],[],[],[],[],"2026-06-03T07:18:08.512Z","2026-06-03T13:10:24.407Z","Received",{"cisa_kev":65,"cisa_ransomware":65,"cisa_vendor":9,"epss_severity":66,"epss_score":67,"severity":68,"severity_score":69,"severity_version":70,"severity_source":71,"severity_vector":72,"severity_status":63},false,"low",0.00278,"critical",9.1,"v3.0","cve.org","CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",[74,79],{"url":75,"sources":76,"tags":78},"https://huntr.com/bounties/f8e591a0-0f19-4910-b82e-16c9956f2233",[71,77],"nvd",[],{"url":80,"sources":81,"tags":82},"https://github.com/mlflow/mlflow/commit/4a3f2f720cb4f058c9e0c5b883e0acc9ab64a7f3",[71,77],[],[],{"date":85,"score":67,"percentile":86},"2026-06-03",0.51428,[88],{"date":85,"score":67,"percentile":86},[90,95],{"source":71,"cvss_v2_0":9,"cvss_v3_0":91,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":69,"baseSeverity":92,"vectorString":72,"impactScore":93,"exploitabilityScore":94},"CRITICAL",8.8,7.9,{"source":77,"cvss_v2_0":9,"cvss_v3_0":96,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":69,"baseSeverity":92,"vectorString":72,"impactScore":93,"exploitabilityScore":94},[98],{"ecosystem":9,"name":99,"vendor":100,"product":99,"cpe_part":101,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":102},"mlflow/mlflow","mlflow","a",[103],{"version":104,"is_range":105,"range_type":71,"version_start":106,"version_start_type":107,"version_end":108,"version_end_type":109,"fixed_in":9},">= unspecified, \u003C 3.11.0",true,"unspecified","including","3.11.0","excluding"]