Symlink Vulnerability in BentoML Python Library for AI Applications
CVE-2026-40610

5.5MEDIUM

Key Information:

Vendor

Bentoml

Status
Bentoml
Vendor
CVE Published:
22 May 2026

What is CVE-2026-40610?

BentoML, a Python library designed for creating online serving systems for AI applications, has a vulnerability in its build packaging workflow. This issue, present in versions 1.4.38 and earlier, allows an attacker to exploit attacker-controlled symlinks during the build context. If a user builds from an untrusted repository, the attacker can create symlinks to sensitive local files on the build host. When the process runs, these symlinks are dereferenced, leading to sensitive file contents being included in the generated Bento artifact. This could involve the exposure of critical information such as cloud credentials, SSH keys, API tokens, and other sensitive configurations. As Bento artifacts are commonly shared, exported, or containerized, the implications of this vulnerability extend beyond the original machine, potentially compromising the security of multiple systems. The issue has been addressed in BentoML version 1.4.39.

Affected Version(s)

BentoML < 1.4.39

References

https://github.com/bentoml/BentoML/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/bentoml/BentoML/commit/5fb7cd41f92e2a5...
x_refsource_MISC
https://github.com/bentoml/BentoML/releases/tag/v1.4.39
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.