MEDIUM
bentoml
CVE published 2026-05-22
CVE-2026-40610
A symlink-following vulnerability in BentoML's build packaging workflow allows attackers to exfiltrate local files from build hosts into Bento artifacts. When building untrusted repositories, attacker-controlled symlinks are dereferenced and their target file contents are copied into the generated artifact. This exposes sensitive files including cloud credentials, SSH keys, API tokens, and environment con [truncated]