CVE-2026-2635
Published: 20 February 2026
Summary
CVE-2026-2635 is a high-severity Use of Default Password (CWE-1393) vulnerability in Zerodayinitiative (inferred from references). Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 37.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised as Other Platforms, in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-5 (Authenticator Management).
Deeper analysis
CVE-2026-2635 is an authentication bypass vulnerability in MLflow stemming from hard-coded default credentials in the basic_auth.ini file. The flaw affects MLflow installations and carries a CVSS score of 9.8, classified under CWE-1393. No authentication is required to reach the issue, which permits remote attackers to bypass login controls entirely.
An unauthenticated attacker can exploit the default credentials to gain administrative access and execute arbitrary code in that context. The vulnerability was originally reported as ZDI-CAN-28256.
A fix is referenced in the MLflow project pull request 19260, while the Zero Day Initiative advisory ZDI-26-111 supplies additional details on the issue. The associated EPSS score remains low, with a current value of 0.0152 and a peak of 0.0182. As an MLflow defect, the vulnerability is relevant to machine-learning infrastructure and experiment-tracking deployments.
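As an added example (not code from this page or from the MLflow project), a small defensive check an operator can run against a deployment's basic_auth.ini to flag the unchanged admin credentials described above. The key names `admin_username` and `admin_password` follow MLflow's basic auth configuration as assumed here, the default values listed in the checker are assumptions to be confirmed against your own install, and both sample files are constructed.

```python
"""Audit an MLflow-style basic_auth.ini for default or weak admin credentials."""
import configparser

# Values the checker treats as shipped defaults. These are assumptions for this
# example; confirm them against the basic_auth.ini in your own installation.
DEFAULT_USERNAMES = {"admin"}
DEFAULT_PASSWORDS = {"password1234", "password", "admin"}
MIN_PASSWORD_LEN = 16

# Constructed sample: a basic_auth.ini left exactly as shipped (CWE-1393 case).
SAMPLE_UNCHANGED = """\
[mlflow]
default_permission = READ
database_uri = sqlite:///basic_auth.db
admin_username = admin
admin_password = password1234
"""

# Constructed sample: the same file after the operator replaced the defaults.
SAMPLE_HARDENED = """\
[mlflow]
default_permission = READ
database_uri = sqlite:///basic_auth.db
admin_username = mlflow-operator
admin_password = X7q!9vL2#pR4wZ8mN1bT
"""


def audit_basic_auth(ini_text: str) -> list[str]:
    """Return a list of findings; an empty list means nothing was flagged."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    if not cfg.has_section("mlflow"):
        return ["no [mlflow] section: this file does not configure basic auth"]
    section = cfg["mlflow"]
    user = section.get("admin_username", "").strip()
    pwd = section.get("admin_password", "").strip()
    findings = []
    if user in DEFAULT_USERNAMES:
        findings.append(f"admin_username is a shipped default ({user!r})")
    if not pwd:
        findings.append("admin_password is empty")
    elif pwd in DEFAULT_PASSWORDS:
        findings.append("admin_password matches a shipped default (CWE-1393)")
    elif len(pwd) < MIN_PASSWORD_LEN:
        findings.append(f"admin_password is shorter than {MIN_PASSWORD_LEN} chars")
    return findings


if __name__ == "__main__":
    for name, text in (("unchanged", SAMPLE_UNCHANGED), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_basic_auth(text) or ["OK"])
```

Run it against the real file path of each MLflow server (for example as a CI or configuration-drift check) so a deployment that still carries the shipped defaults is caught before it is exposed publicly.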
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-7766
Vulnerability details
MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the basic_auth.ini file. The file contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of the administrator. Was ZDI-CAN-28256.
AI Security Analysis
- AI Category
- Other Platforms
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: mlflow
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Default credentials in a public-facing MLflow service directly enable remote authentication bypass (T1190) via hard-coded defaults (T1078.001), leading to code execution as the administrator.
Mitigating Controls (NIST 800-53 r5)
IA-5 (Authenticator Management): directly requires management of authenticators to prohibit hard-coded or default credentials such as those in basic_auth.ini.
AC-3 (Access Enforcement): enforces authenticated access decisions so that a default-credential bypass cannot grant administrator privileges.
Mandates secure configuration settings that would replace or disable the hard-coded defaults shipped in MLflow.