Critical remote unauthenticated system/cloud takeover in major AI tool (opens in new tab)

Pretty brutal. Took me about 3 days to find. I suspect there's more.

* Unauthenticated

* Remote

* No user interaction

* No prerequisite knowledge or environment setup

* Large adoption on MLflow in AI engineering workflows

Here's the GitHub Security Advisory: https://github.com/mlflow/mlflow/security/advisories/GHSA-xg...

Wow, this is a pretty important find. Thanks for the responsible disclosure!