MLflow Security Flaw: FastAPI Job Endpoints Exposed Without Authentication (CVE-2026-0545)

A critical security vulnerability in the MLflow machine learning platform leaves its job management API completely unprotected. The flaw, tracked as CVE-2026-0545, exposes all FastAPI endpoints under the `/ajax-api/3.0/jobs/*` path, allowing unauthenticated and unauthorized access when the platform's basic authentication feature is enabled. This creates a direct channel for attackers to potentially manipulate, submit, or delete ML training and deployment jobs without any credentials.

The vulnerability resides within the core MLflow project, a widely-used open-source platform for managing the machine learning lifecycle. The issue is present in the latest versions and was identified in a GitHub security advisory (GHSA-7qhf-v65m-g5f3). The exposed endpoints are part of the job scheduling and execution system, a critical component for automating ML workflows. The advisory indicates that the standard `basic-auth` application, a common configuration for securing MLflow deployments, fails to enforce any access controls on these specific routes.

This exposure poses a significant risk to any organization using MLflow for production machine learning operations. An attacker with network access to the MLflow server could interfere with active model training pipelines, submit malicious jobs, or exfiltrate sensitive job configuration data. The flaw underscores the persistent security challenges in MLOps tooling, where complex permission models can leave critical administrative interfaces inadvertently open. The update to version 3.11.1, referenced in the dependency pull request, is the security patch intended to resolve this vulnerability.