Cyber Resilience

CVE-2026-2635

Severity: High
Record status: Updated

Published: 20 February 2026
Modified: 30 June 2026
CISA KEV: not listed
Patch: fix available (MLflow pull request 19260)
CVSS v3.1 base score: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS score: 0.0113 (62.3rd percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-2635 is a high-severity Use of Default Password (CWE-1393) vulnerability in MLflow. The tracker's automated vendor inference labelled the product "Zerodayinitiative" because the only references are the ZDI advisory; the advisory text, the fix pull request and the description all identify the affected software as MLflow. The CVSS base score shown in the header is 7.3 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The EPSS percentile of 62.3 places it in the top 37.7% of CVEs by estimated exploit likelihood; it is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.

The tracker classifies this vulnerability as AI-related (AI category: Other Platforms; risk domain: Supply Chain and Deployment) on the basis of a keyword match on "mlflow".

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-5 (Authenticator Management).

Deeper analysis

CVE-2026-2635 is an authentication bypass in MLflow caused by hard-coded default credentials in basic_auth.ini, the configuration file used by MLflow's built-in basic authentication. The flaw is classified under CWE-1393 (Use of Default Password). No authentication is required to reach it: anyone who can reach the tracking server's HTTP interface and knows the shipped credentials can log in. This analysis cites a CVSS score of 9.8, which conflicts with the 7.3 vector in the page header. The two are reconcilable: 9.8 is the same vector with all three impacts rated High (C:H/I:H/A:H), which matches the administrator-level code execution described below, whereas the header vector rates confidentiality, integrity and availability impact Low.

An unauthenticated attacker who logs in with the default credentials obtains administrator access to the MLflow server and, per the advisory, can execute arbitrary code in that context. The issue was reported through the Zero Day Initiative as ZDI-CAN-28256.

A fix is referenced in MLflow pull request 19260, and the Zero Day Initiative advisory ZDI-26-111 supplies additional details. The EPSS figures recorded in this analysis (0.0152 current, 0.0182 peak) differ from the header value of 0.0113; EPSS is recomputed daily, so the two snapshots were taken at different times, and both indicate a low predicted exploitation probability. Until the fix is deployed, operators should confirm that the administrator credentials in their basic_auth.ini no longer match the values shipped with MLflow. As an MLflow defect, the vulnerability is relevant to machine-learning infrastructure and experiment-tracking deployments.

Vulnerability details

MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the basic_auth.ini file. The file contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of the administrator. Was ZDI-CAN-28256.

CWE(s)

CWE-1393 Use of Default Password

AI Security Analysis

AI Category: Other Platforms
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: none mapped
Classification Reason: matched keyword "mlflow"

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1078.001 Default Accounts (Defense Evasion, Persistence, Privilege Escalation, Initial Access)
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

An MLflow tracking server is normally reachable over the network, so logging in with the shipped default credentials is both exploitation of a public-facing application (T1190) and abuse of a default account (T1078.001); the resulting administrator session is what leads to code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-24429 (shared CWE-1393)
CVE-2025-26793 (shared CWE-1393)
CVE-2025-66050 (shared CWE-1393)
CVE-2025-2347 (shared CWE-1393)
CVE-2025-22938 (shared CWE-1393)
CVE-2024-49559 (shared CWE-1393)
CVE-2026-33784 (shared CWE-1393)
CVE-2024-43659 (shared CWE-1393)
CVE-2025-26701 (shared CWE-1393)
CVE-2025-14917 (shared CWE-1393)

Affected Assets

MLflow
NVD did not file a CPE for this CVE, so no CPE match is available; the automated inference from the references produced the vendor label "Zerodayinitiative", but the advisory, description and fix pull request identify the affected product as MLflow.

Mitigating Controls (NIST 800-53 r5)

IA-5 Authenticator Management (prevent)
Directly requires management of authenticators to prohibit hard-coded or default credentials such as those in basic_auth.ini.

AC-3 Access Enforcement (prevent)
Enforces authenticated access decisions so that default-credential bypass cannot grant administrator privileges.

Configuration-settings control (prevent)
Mandates secure configuration settings that would replace or disable the hard-coded defaults shipped in MLflow.
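The authenticator-management and configuration-settings controls above reduce to one operational check for this CVE: is the administrator password in the deployed basic_auth.ini still the value shipped in MLflow's template? The script below is an added example written for this page, not MLflow project code. It answers that question without the audit tool carrying a copy of the default secret, by comparing the deployed file against the template packaged with the installed MLflow, and it rotates the password when it is unchanged. Assumptions, also labelled in the code: the deployed config path is taken from the MLFLOW_AUTH_CONFIG_PATH environment variable, the template is packaged as mlflow/server/auth/basic_auth.ini, the credential keys are admin_username and admin_password in the [mlflow] section, and the sample INI text is constructed with a placeholder password rather than MLflow's real default.

```python
"""Audit an MLflow basic_auth.ini for credentials left at their shipped defaults.

Added example for this page, not MLflow project code. Assumptions (labelled):
- the deployed config path comes from MLFLOW_AUTH_CONFIG_PATH;
- the shipped template is packaged as mlflow/server/auth/basic_auth.ini;
- credentials live under [mlflow] as admin_username / admin_password.
"""
import configparser
import io
import os
import secrets

SECTION = "mlflow"
CREDENTIAL_KEYS = ("admin_username", "admin_password")

# Constructed sample standing in for the template shipped in the package.
# The password here is a placeholder, not MLflow's real default value.
TEMPLATE_INI = """\
[mlflow]
default_permission = READ
database_uri = sqlite:///basic_auth.db
admin_username = admin
admin_password = CHANGE-ME-PLACEHOLDER
authorization_function = mlflow.server.auth:authenticate_request_basic_auth
"""

# Constructed deployed config: copied from the template and never edited.
DEPLOYED_UNCHANGED_INI = TEMPLATE_INI


def parse_ini(text):
    """Parse INI text; interpolation is off so a '%' in a secret is not mangled."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def find_default_credentials(deployed_text, template_text):
    """Return credential keys whose deployed value equals the template value.

    Diffing against the shipped template detects "never changed" without the
    audit tool itself embedding the default secret.
    """
    deployed = parse_ini(deployed_text)
    template = parse_ini(template_text)
    unchanged = []
    for key in CREDENTIAL_KEYS:
        d = deployed.get(SECTION, key, fallback=None)
        t = template.get(SECTION, key, fallback=None)
        if d is not None and d == t:
            unchanged.append(key)
    return unchanged


def rotate_admin_password(deployed_text, nbytes=32):
    """Return the config with a fresh random admin password; other keys untouched."""
    cp = parse_ini(deployed_text)
    cp.set(SECTION, "admin_password", secrets.token_urlsafe(nbytes))
    out = io.StringIO()
    cp.write(out)
    return out.getvalue()


def shipped_template_text():
    """Read the template from the installed mlflow package, or None if absent.

    Assumed location: mlflow/server/auth/basic_auth.ini inside the package.
    """
    try:
        from importlib.resources import files
        return (files("mlflow.server.auth") / "basic_auth.ini").read_text()
    except Exception:  # mlflow not installed, or file not where assumed
        return None


def audit_deployment(config_path=None):
    """Audit a live deployment; returns (path, unchanged_keys) or None if not auditable."""
    path = config_path or os.environ.get("MLFLOW_AUTH_CONFIG_PATH")
    template = shipped_template_text()
    if not path or not os.path.exists(path) or template is None:
        return None
    with open(path, encoding="utf-8") as fh:
        return path, find_default_credentials(fh.read(), template)


if __name__ == "__main__":
    # Offline demonstration on the constructed samples.
    print("unchanged before rotation:", find_default_credentials(DEPLOYED_UNCHANGED_INI, TEMPLATE_INI))
    rotated = rotate_admin_password(DEPLOYED_UNCHANGED_INI)
    print("unchanged after rotation:", find_default_credentials(rotated, TEMPLATE_INI))
    result = audit_deployment()
    if result:
        print("live deployment", result[0], "unchanged keys:", result[1])
```

After rotation the check still reports admin_username as unchanged, which is intentional: the username is not a secret, but knowing it is still the shipped value tells the operator that half of a default-credential guess remains valid. Run the rotated output through a code review and restart the server before treating the finding as closed.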
