CVE-2026-15035
Bentoml OpenLLM 0.6.30 contains a command injection in the async_run_command function (src/openllm/common.py, Model Repository Directory Name Handler). The vulnerability is triggered by manipulating the cmd argument and is exploitable locally. Public exploit details exist; the issue was reported ...