Platform: python
Component: bentoml
Fixed in: 1.4.35, 1.4.34
CVE-2026-24123 describes a Path Traversal vulnerability within BentoML, a Python framework for deploying machine learning models. This flaw allows attackers to extract arbitrary files from the filesystem and embed them within Bento archives, posing a significant supply chain risk. The vulnerability impacts versions of BentoML up to 1.4.9, and a fix is available in version 1.4.34.
The core of the vulnerability lies in BentoML's `bentofile.yaml` configuration file. Several fields within this file (`description`, `docker.setup_script`, `docker.dockerfile_template`, and `conda.environment_yml`) are susceptible to path traversal attacks. An attacker can craft a malicious `bentofile.yaml` that, when processed by BentoML during the build process, allows them to read files outside of the intended directory. This extracted data can then be silently included in the resulting Bento archive. The potential impact is severe, as this enables attackers to embed sensitive information, such as SSH keys, credentials, or environment variables, within seemingly benign Bento packages. These compromised Bentos can then be pushed to registries or deployed, effectively spreading the compromise to downstream users. This represents a classic supply chain attack vector, where a trusted component is leveraged to distribute malicious payloads.
CVE-2026-24123 was publicly disclosed on January 26, 2026. While no public proof-of-concept (PoC) code has been released at the time of writing, the vulnerability's nature and potential impact suggest a medium probability of exploitation. The vulnerability has not yet been added to the CISA KEV catalog. The ease of crafting a malicious bentofile.yaml and the potential for widespread distribution through Bento registries make this a concerning vulnerability.
Exploit Status
EPSS: 0.01% (1% percentile)
The primary mitigation for CVE-2026-24123 is to upgrade to BentoML version 1.4.34 or later, which contains the fix. If upgrading is not immediately feasible, consider implementing stricter file access controls on the BentoML build environment to limit the attacker's ability to read sensitive files. Additionally, carefully review any bentofile.yaml files from untrusted sources before building Bentos. Implement input validation on file paths used within the bentofile.yaml to prevent traversal attempts. Consider using a Web Application Firewall (WAF) or proxy to filter requests containing suspicious path patterns. After upgrading, confirm the fix by attempting to build a Bento with a bentofile.yaml containing a path traversal payload (e.g., ../sensitive_file.txt) and verifying that the file is not included in the resulting archive.
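One way to review a `bentofile.yaml` from an untrusted source before building is sketched below. It is an added example, not BentoML's own code or its fix. It assumes the file has already been parsed into a dict (for instance with `yaml.safe_load`) and that `description` refers to a file only when it carries a `file:` prefix; `audit_bentofile` and `demo` are hypothetical names.

```python
import os
import tempfile

# Fields named in the advisory as path-traversal sinks.
PATH_FIELDS = ("description", "docker.setup_script",
               "docker.dockerfile_template", "conda.environment_yml")

def _lookup(config, dotted):
    """Walk a dotted key through nested dicts; None if absent."""
    node = config
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def audit_bentofile(config, build_ctx):
    """Return [(field, value)] for path fields that resolve outside build_ctx."""
    root = os.path.realpath(build_ctx)
    findings = []
    for field in PATH_FIELDS:
        value = _lookup(config, field)
        if not isinstance(value, str):
            continue
        if field == "description":
            # Assumption: a description is inline text unless prefixed "file:".
            if not value.startswith("file:"):
                continue
            value = value[len("file:"):].strip()
        # realpath collapses ".." and follows symlinks; an absolute value
        # overrides the join, so it is caught by the same comparison.
        target = os.path.realpath(os.path.join(root, value))
        if os.path.commonpath([root, target]) != root:
            findings.append((field, value))
    return findings

def demo():
    """Run the audit on a constructed config inside a throwaway directory."""
    with tempfile.TemporaryDirectory() as ctx:
        config = {  # constructed sample, shaped like a parsed bentofile.yaml
            "service": "service:svc",
            "description": "file: ../../outside.txt",
            "docker": {"setup_script": "./setup.sh",
                       "dockerfile_template": "/etc/hostname"},
            "conda": {"environment_yml": "env/../environment.yml"},
        }
        return audit_bentofile(config, ctx)
```

Running a check like this in CI before `bentoml build` rejects the config while it is still text, rather than after a file has been copied into the archive.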
Upgrade the BentoML library to version 1.4.34 or later. This fixes the path traversal vulnerability in the `bentofile.yaml` configuration. You can upgrade with `pip install bentoml==1.4.34` or a newer version.
CVE-2026-24123 is a Path Traversal vulnerability in BentoML versions up to 1.4.9, allowing attackers to extract files from the filesystem and embed them in Bento archives, posing a supply chain risk.
You are affected if you are using BentoML versions 1.4.9 or earlier. Upgrade to 1.4.34 or later to mitigate the vulnerability.
The recommended fix is to upgrade to BentoML version 1.4.34 or later. Implement stricter file access controls and review bentofile.yaml files from untrusted sources.
While no public exploits are currently known, the vulnerability's nature suggests a potential for exploitation, and proactive mitigation is recommended.
Refer to the official BentoML security advisories and release notes on the BentoML GitHub repository for the most up-to-date information.