2 matches found
CVE-2026-15035 bentoml OpenLLM Model Repository Directory Name common.py async_run_command command injection
A vulnerability was found in bentoml OpenLLM 0.6.30. This affects the function asyncruncommand of the file src/openllm/common.py of the component Model Repository Directory Name Handler. Performing a manipulation of the argument cmd results in command injection. Attacking locally is a requirement...
CVE-2026-15035
Bentoml OpenLLM 0.6.30 contains a command injection in the async_run_command function (src/openllm/common.py, Model Repository Directory Name Handler). The vulnerability is triggered by manipulating the cmd argument and is exploitable locally. Public exploit details exist; the issue was reported ...