A vulnerability categorized as problematic has been discovered in MLflow up to 4666cffc7912ea606d592fc38d6a75e2935f65e7 . The impacted element is an unknown function of the component Experiment-scoped Label Schema CRUD API . Such manipulation leads to missing authorization. This vulnerability is referenced as CVE-2026-13484 . It is possible to launch the attack remotely. Furthermore, an exploit is available. A reply to the GitHub issue explains, that "[t]he labeling schema PR has not been merged