Metrics
Affected Vendors & Products
Wed, 08 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was found in bentoml OpenLLM 0.6.30. This affects the function async_run_command of the file src/openllm/common.py of the component Model Repository Directory Name Handler. Performing a manipulation of the argument cmd results in command injection. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet. | |
| Title | bentoml OpenLLM Model Repository Directory Name common.py async_run_command command injection | |
| First Time appeared |
Bentoml
Bentoml openllm |
|
| Weaknesses | CWE-74 CWE-77 |
|
| CPEs | cpe:2.3:a:bentoml:openllm:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Bentoml
Bentoml openllm |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-08T14:20:35.536Z
Reserved: 2026-07-08T07:41:07.309Z
Link: CVE-2026-15035
Updated: 2026-07-08T14:20:32.251Z
No data.
No data.
OpenCVE Enrichment
No data.