A vulnerability has been found in MLflow up to 3.9.x and classified as critical . This vulnerability affects unknown code of the component REST API . Performing a manipulation of the argument BEFORE_REQUEST_VALIDATORS/AFTER_REQUEST_HANDLERS results in improper access controls. This vulnerability was named CVE-2026-2734 . The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.