CVE-2026-3198 Blast Radius

MEDIUM • CVSS 6.5MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically,

Is Your Infrastructure Using These Packages?

EchelonGraph automatically scans your cloud infrastructure and SBOMs to map your exposure to vulnerabilities like CVE-2026-3198.

Start Free Scan →← Back to CVE-2026-3198