BentoML 的 Bentofile 配置文件存在路径遍历漏洞

该漏洞允许攻击者通过 bentofile.yaml 配置文件中的多个文件路径字段（description, docker.setupscript, docker.dockerfiletemplate, conda.environment_yml）进行路径遍历攻击。攻击者可以精心设计恶意 bentofile，当受害者构建时，将任意文件从文件系统中提取到 Bento 归档文件中。这使得攻击者能够将敏感文件（例如 SSH 密钥、凭据、环境变量）静默地嵌入到 Bento 中，并在将其推送到注册中心或部署时暴露这些文件。攻击者可以利用此漏洞窃取代码、密钥和其他敏感信息，从而破坏系统的安全性和完整性，并可能导致数据泄露和未经授权的访问。

Organizations heavily reliant on BentoML for deploying machine learning models, particularly those using shared Bento registries or automated build pipelines, are at increased risk. Teams using BentoML in CI/CD environments or those integrating BentoML with other systems that handle sensitive data are also particularly vulnerable.

• python: Monitor BentoML build processes for unusual file access patterns. Use strace or similar tools to observe file system calls made during Bento builds.

strace -e trace=file -p <bentoml_process_id>

• generic web: Inspect BentoML registry images for unexpected files or anomalies. Check the contents of deployed Bentos for suspicious files. • linux / server: Examine system logs for attempts to access files outside of the expected BentoML working directory. Use auditd to monitor file access events.

auditctl -w /path/to/bentoml/working/directory -p wa -k bentoml_access

1. 2026-01-26Disclosure

   disclosure

1. 已保留2026-01-21
2. 发布日期2026-01-26
3. 修改日期2026-02-03
4. EPSS 更新日期2026-03-23

为了缓解 CVE-2026-24123 漏洞，首要措施是立即升级 BentoML 至 1.4.34 或更高版本。如果升级会破坏现有系统，可以考虑回滚到之前的稳定版本，并严格审查 bentofile.yaml 配置文件，确保所有文件路径都是安全的。此外，可以使用 Web 应用防火墙 (WAF) 或代理服务器来过滤恶意请求，并限制对 BentoML 服务的访问。还可以通过监控 BentoML 构建过程中的文件访问行为来检测潜在的攻击。升级后，请验证 BentoML 版本是否已成功更新，并检查 Bento 构建过程中是否出现任何异常行为。