1. MLflow 3.11.1 Patches Critical XSS Vulnerability (CVE-2026-33865) in Model Artifact UI
A critical security flaw in the MLflow machine learning platform has been patched, exposing authenticated users to session hijacking and unauthorized actions. The vulnerability, tracked as CVE-2026-33865, is a Stored Cross-Site Scripting (XSS) weakness in the platform's web interface. It stems from unsafe parsing of YA...