A vulnerability classified as critical has been found in MLflow up to 3.9.x . This impacts an unknown function of the file /ajax-api of the component Assistant Feature . This manipulation causes origin validation error. This vulnerability is registered as CVE-2026-2611 . Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.