A vulnerability was found in mlflow up to 3.9.x and classified as critical . Affected by this vulnerability is the function _find_fastapi_validator of the component Job API . Executing a manipulation can lead to authentication bypass by primary weakness. The identification of this vulnerability is CVE-2026-2652 . The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.