CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-13484

mediumCVSS 5covered by 1 sourcefirst seen 2026-06-28
A vulnerability has been found in MLflow up to 4666cffc7912ea606d592fc38d6a75e2935f65e7. The impacted element is an unknown function of the component Experiment-scoped Label Schema CRUD API. Such manipulation leads to missing authorization. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is regarded as difficult. The exploit has been disclosed to the public and may be used. A reply to the GitHub issue explains, that "[t]he labeling schema PR has not been merged yet. The auth handlers will be added before the release."

⚡ Watch CVE-2026-13484

Get an email if CVE-2026-13484 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-13484

CVE.org record

Embed the live status

CVE-2026-13484 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-13484 status](https://www.csirts.com/badge/CVE-2026-13484)](https://www.csirts.com/cve/CVE-2026-13484)