PatchSiren

bentoml CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW bentoml CVE published 2026-07-08

CVE-2026-15035

CVE-2026-15035 is a low-severity vulnerability in Bentoml OpenLLM 0.6.30, affecting the async_run_command function in src/openllm/common.py, which is part of the Model Repository Directory Name Handler component. An attacker must have local access to exploit this vulnerability. The exploit has been made public, and the project has been informed but has not yet responded. The vulnerability allows for comma [truncated]

HIGH bentoml CVE published 2026-05-27

CVE-2026-44345

BentoML versions prior to 1.4.39 contain a template injection vulnerability in the container build pipeline. The Jinja2 template at `src/bentoml/_internal/container/frontend/dockerfile/templates/base_v2.j2` interpolates the `docker.base_image` configuration value without escaping, newline filtering, or validation. A maliciously crafted `bento.yaml` file with a multi-line `docker.base_image` value can inje [truncated]

MEDIUM bentoml CVE published 2026-05-22

CVE-2026-40610

A symlink-following vulnerability in BentoML's build packaging workflow allows attackers to exfiltrate local files from build hosts into Bento artifacts. When building untrusted repositories, attacker-controlled symlinks are dereferenced and their target file contents are copied into the generated artifact. This exposes sensitive files including cloud credentials, SSH keys, API tokens, and environment con [truncated]