By weakness (CWE)
CWE-201: related vulnerabilities
CVEs classified under CWE-201. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
4 published vulnerabilities
- CVE-2026-4035HIGH 7.7
MLflow, a popular open-source machine learning platform, contains a credential exposure vulnerability affecting versions before 3.11.0. The flaw allows attackers to extract sensitive server-side environment variables—such as AWS credentials—by manipulating how the AI Gateway handles secrets. An attacker with basic authentication access (or no authentication in default setups) can craft requests that trick MLflow into exposing these credentials to attacker-controlled endpoints. This is particularly dangerous because exposed cloud credentials could allow further compromise of artifact repositories and downstream systems.
- CVE-2026-42673HIGH 7.5
Logtivity's Activity Logs plugin leaks sensitive information that should not be transmitted. The vulnerability allows unauthorized users to retrieve embedded sensitive data through the plugin's normal network communication channels. This affects all versions through 3.3.6 and requires patching to prevent data exposure.
- CVE-2026-42539MEDIUM 6.5
IRIS is a web-based platform used by incident response teams to collaborate and share technical details during security investigations. A vulnerability in versions before 2.4.28 causes the platform to leak sensitive information to authenticated users that those users should not have access to. This happens because the application returns unnecessary data in responses, exposing information beyond what the client application actually needs to function. An attacker with valid IRIS credentials can exploit this to view restricted incident data.
- CVE-2026-10101MEDIUM 6.3
ACM/MCE (Advanced Cluster Management / Multicluster Engine) inadvertently exposes container registry credentials in InfraEnv status messages when pull-secret validation fails. A user with read-only namespace access can view InfraEnv objects and extract the full `.dockerconfigjson` payload—including usernames, passwords, and base64-encoded authentication tokens—despite having no direct permission to read Secrets. This circumvents Kubernetes RBAC controls designed to keep registry credentials confidential.