# MLflow — SSRF through user-configurable webhook destinations

STATUS: ALMOST_REPORT (needs investigation; do not submit)
readiness: NEEDS_INVESTIGATION
program: MLflow | platform: huntr | repo: mlflow/mlflow | commit: 2026-02-12-scan

````
Repository URL: https://github.com/mlflow/mlflow
Package Manager: pip
Version Affected: latest (observed in 2026-02-12 scan)
Vulnerability Type: Server-Side Request Forgery (SSRF)

CVSS:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: Low
Integrity: None
Availability: Low

Title: Webhook URL validation lacks internal host/IP protections

Impact: SSRF primitive for probing internal HTTPS services and relaying event payloads. Impact is constrained by HTTPS+POST behavior but still creates an internal network access channel.

Description:
# Description
MLflow webhooks allow users to register callback URLs. Validation focuses on scheme constraints (HTTPS by default) but does not include hostname allowlisting or blocking of private/internal IP ranges. Event delivery then performs server-side POST requests to the configured destinations.

# Proof of Concept
1. Create a webhook pointing at a collaborator endpoint and trigger a matching event.
2. Confirm that the MLflow server sends an outbound POST.
3. Create a webhook with an internal HTTPS URL and trigger the same event.

Example create call concept:

```json
{
  "name": "ssrf-test",
  "url": "https://internal-service.corp:8443/api/v1",
  "events": [{"entity": "MODEL_VERSION", "action": "CREATED"}]
}
```

Expected vulnerable behavior: the MLflow server sends a POST to the user-defined internal destination.

### Impact
SSRF primitive for probing internal HTTPS services and relaying event payloads. Impact is constrained by HTTPS+POST behavior but still creates an internal network access channel.

### Occurrences
```
Permalink: https://github.com/mlflow/mlflow/blob/master/mlflow/webhooks/delivery.py#L183
Description: webhook delivery issues server-side requests to registered URL
```

### References
```
URL: https://cwe.mitre.org/data/definitions/918.html
Name: CWE-918: SSRF
URL: https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html
Name: OWASP SSRF Prevention Cheat Sheet
```
````
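As an added illustration of the missing control described above (this is example code written for this note, not MLflow's own validator), the check below goes beyond the scheme constraint: it resolves the webhook host and rejects any destination that maps to a loopback, private, link-local or otherwise non-public address. The function names and the injectable `resolve` parameter are assumptions made here so the check can run without DNS.

```python
"""Added illustration (not MLflow's code): destination checks that the
description says the webhook validator lacks, beyond the scheme check."""
import ipaddress
import socket
from typing import Callable, Iterable, Union
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}


def resolve_all(host: str) -> Iterable[str]:
    """Every A/AAAA answer for host; one safe answer must not mask an unsafe one."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_public(ip: Union[ipaddress.IPv4Address, ipaddress.IPv6Address]) -> bool:
    """True only for globally routable unicast addresses."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
    return ip.is_global and not ip.is_multicast


def validate_webhook_url(url: str,
                         resolve: Callable[[str], Iterable[str]] = resolve_all) -> str:
    """Return url if its scheme is allowed and every resolved address is public.

    Raises ValueError otherwise. Caveat: DNS answers can change between
    registration and delivery (rebinding), so the delivery path should repeat
    this check on the address it actually connects to and refuse redirects to
    non-public hosts; validating once at registration is not sufficient.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("URL has no host")
    if parts.username or parts.password:
        raise ValueError("credentials in webhook URL are not allowed")
    try:
        addrs = [ipaddress.ip_address(parts.hostname)]  # host is an IP literal
    except ValueError:
        try:  # host is a name: check every address it resolves to
            addrs = [ipaddress.ip_address(a) for a in resolve(parts.hostname)]
        except (socket.gaierror, ValueError) as exc:
            raise ValueError(f"cannot resolve {parts.hostname!r}: {exc}") from exc
    for ip in addrs:
        if not is_public(ip):
            raise ValueError(f"{parts.hostname!r} resolves to non-public address {ip}")
    return url


def is_safe_webhook_url(url: str, resolve=resolve_all) -> bool:
    """Boolean wrapper for callers that only need a verdict."""
    try:
        validate_webhook_url(url, resolve)
        return True
    except ValueError:
        return False
```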