
Tachyon Discovers Auth Bypass Vulnerability in MLflow
cybersecurity vulnerability MLflow auth bypass bounty
We (at Tachyon) found an auth bypass in MLflow. We identified the vulnerability by running our scanner on open-source repositories, where it detected an inconsistency in authentication enforcement across certain APIs. The scanner inferred an invariant, tested it against the live service, and confirmed the bypass with a proof-of-concept (PoC) using unauthenticated endpoints. The discovery earned a $750 bounty.