CVE-2026-15035 is a low-severity vulnerability in Bentoml OpenLLM 0.6.30, affecting the async_run_command function in src/openllm/common.py, which is part of the Model Repository Directory Name Handler component. An attacker must have local access to exploit this vulnerability. The exploit has been made public, and the project has been informed but has not yet responded. The vulnerability allows for comma [truncated]
BentoML versions prior to 1.4.39 contain a template injection vulnerability in the container build pipeline. The Jinja2 template at `src/bentoml/_internal/container/frontend/dockerfile/templates/base_v2.j2` interpolates the `docker.base_image` configuration value without escaping, newline filtering, or validation. A maliciously crafted `bento.yaml` file with a multi-line `docker.base_image` value can inje [truncated]
A symlink-following vulnerability in BentoML's build packaging workflow allows attackers to exfiltrate local files from build hosts into Bento artifacts. When building untrusted repositories, attacker-controlled symlinks are dereferenced and their target file contents are copied into the generated artifact. This exposes sensitive files including cloud credentials, SSH keys, API tokens, and environment con [truncated]