Lucene search
K

220 matches found

EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42271

A vulnerability was found in bentoml OpenLLM 0.6.30. This affects the function asyncruncommand of the file src/openllm/common.py of the component Model Repository Directory Name Handler. Performing a manipulation of the argument cmd results in command injection. Attacking locally is a requirement...

5.3CVSS5.8AI score0.01338EPSS
Exploits1References7
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-15035 bentoml OpenLLM Model Repository Directory Name common.py async_run_command command injection

A vulnerability was found in bentoml OpenLLM 0.6.30. This affects the function asyncruncommand of the file src/openllm/common.py of the component Model Repository Directory Name Handler. Performing a manipulation of the argument cmd results in command injection. Attacking locally is a requirement...

5.3CVSS0.01338EPSS
Exploits1References7
CVE
CVE
added 3 days ago11 views

CVE-2026-15035

Bentoml OpenLLM 0.6.30 is affected by a command-injection in async_run_command (src/openllm/common.py, Model Repository Directory Name Handler). The vulnerability stems from manipulation of the cmd argument, enabling local exploitation. Public exploit details exist, and attack requires local acce...

7.8CVSS5.8AI score0.01338EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-296 Insecure deserialization in BentoML

An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution RCE by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is...

9.8CVSS8.1AI score0.01497EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-297 BentoML SSRF Vulnerability in File Upload Processing

Description There's an SSRF in the file upload processing system that allows remote attackers to make arbitrary HTTP requests from the server without authentication. The vulnerability exists in the serialization/deserialization handlers for multipart form data and JSON requests, which automatical...

9.9CVSS6AI score0.11883EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-294 BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization

Summary A Remote Code Execution RCE vulnerability caused by insecure deserialization has been identified in the latest versionv1.4.2 of BentoML. It allows any unauthenticated user to execute arbitrary code on the server. Details It exists an unsafe code segment in serde.py: Python def...

9.8CVSS7.7AI score0.3592EPSS
Exploits5References6
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-295 BentoML deserialization vulnerability

A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions =1.3.4.post1. By setting specific parameters, an attacker can execute unauthorized arbitrary code on the server, causing severe harm. The vulnerability is triggered when the args-number parameter is...

9.8CVSS7.8AI score0.00846EPSS
Exploits2References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.12 views

CVE-2026-44345

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/internal/container/frontend/dockerfile/templates/basev2.j2 interpolates docker.baseimage raw with no escaping, newline filtering, or validation. A malicious...

8.8CVSS5.6AI score0.00317EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/28 8:12 p.m.13 views

CVE-2026-44346

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs.name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentom...

8.8CVSS5.9AI score0.00321EPSS
Exploits1References1
OSV
OSV
added 2026/05/27 6:16 p.m.10 views

PYSEC-2026-189

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/internal/container/frontend/dockerfile/templates/basev2.j2 interpolates docker.baseimage raw with no escaping, newline filtering, or validation. A malicious...

8.8CVSS6AI score0.00317EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2026/05/27 6:16 p.m.6 views

ai-dynamo (=0.1.0), bento2seldon (>=0.1.0 <=0.4.0) +16 more potentially affected by CVE-2026-44345 via bentoml (>=0.10.1 <=1.4.3)

bentoml PYPI version =0.10.1, =0.1.0, =0.1.0, =0.0.10, =0.0.5, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.0.1, =0.0.1, =0.0.13 and more Source cves: CVE-2026-44345 Source advisory: OSV:PYSEC-2026-189...

8.8CVSS5.4AI score0.00317EPSS
Exploits1
PyPA
PyPA
added 2026/05/27 6:16 p.m.10 views

PYSEC-0000-CVE-2026-44345

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/internal/container/frontend/dockerfile/templates/basev2.j2 interpolates docker.baseimage raw with no escaping, newline filtering, or validation. A malicious...

8.8CVSS5.9AI score0.00317EPSS
Exploits1References1Affected Software1
PyPA
PyPA
added 2026/05/27 6:16 p.m.12 views

PYSEC-2026-190

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs.name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentom...

8.8CVSS5.9AI score0.00321EPSS
Exploits1References1Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/27 6:16 p.m.5 views

ai-dynamo (=0.1.0), bento2seldon (>=0.1.0 <=0.4.0) +16 more potentially affected by CVE-2026-44346 via bentoml (>=0.10.1 <=1.4.3)

bentoml PYPI version =0.10.1, =0.1.0, =0.1.0, =0.0.10, =0.0.5, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.0.1, =0.0.1, =0.0.13 and more Source cves: CVE-2026-44346 Source advisory: OSV:PYSEC-2026-190...

8.8CVSS5.4AI score0.00321EPSS
Exploits1
PyPA
PyPA
added 2026/05/27 6:16 p.m.10 views

PYSEC-0000-CVE-2026-44346

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs.name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentom...

8.8CVSS5.9AI score0.00321EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/05/27 6:16 p.m.14 views

CVE-2026-44345

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/internal/container/frontend/dockerfile/templates/basev2.j2 interpolates docker.baseimage raw with no escaping, newline filtering, or validation. A malicious...

8.8CVSS0.00317EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/27 5:24 p.m.44 views

CVE-2026-44345 BentoML: Dockerfile command injection via docker.base_image

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/internal/container/frontend/dockerfile/templates/basev2.j2 interpolates docker.baseimage raw with no escaping, newline filtering, or validation. A malicious...

8.8CVSS0.00317EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/27 5:24 p.m.16 views

EUVD-2026-32610

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/internal/container/frontend/dockerfile/templates/basev2.j2 interpolates docker.baseimage raw with no escaping, newline filtering, or validation. A malicious...

8.8CVSS5.9AI score0.00317EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:24 p.m.11 views

CVE-2026-44345

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/internal/container/frontend/dockerfile/templates/basev2.j2 interpolates docker.baseimage raw with no escaping, newline filtering, or validation. A malicious...

8.8CVSS5.9AI score0.00317EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/27 5:24 p.m.26 views

CVE-2026-44345

CVE-2026-44345 affects BentoML. A multi-line value supplied to docker.base_image in bento.yaml is interpolated into the Dockerfile without escaping or validation, allowing an attacker-controlled Dockerfile fragment to inject arbitrary RUN directives. When bentoml containerize runs docker build, t...

8.8CVSS6AI score0.00317EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder