A vulnerability has been found in MLflow up to 3.9.x and classified as critical . This impacts an unknown function of the file /mlflow-artifacts/mpu/ of the component Multipart Upload Handler . This manipulation causes missing authorization. This vulnerability appears as CVE-2026-2651 . The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.