A vulnerability was found in mlflow up to 3.10.x . It has been declared as problematic . Affected by this issue is some unknown functionality. The manipulation of the argument ENV_VAR results in insertion of sensitive information into sent data. This vulnerability is cataloged as CVE-2026-4035 . The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.