CVE-2026-33866 — MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given expe — CVE Database · The Intelligence Room