{"data":{"id":"a6f15166-325d-42ef-9763-85cff77243ce","title":"CVE-2026-24123: BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to vers","summary":"BentoML, a Python library for serving AI models, had a vulnerability (before version 1.4.34) that allowed path traversal attacks (exploiting file path inputs to access files outside intended directories) through its configuration file. An attacker could trick a user into building a malicious configuration that would steal sensitive files like SSH keys or passwords and hide them in the compiled application, potentially exposing them when shared or deployed.","solution":"Update BentoML to version 1.4.34 or later, which contains a patch for this issue.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-24123","publishedAt":"2026-01-27T04:16:08.460Z","cveId":"CVE-2026-24123","cweIds":["CWE-22"],"cvssScore":"7.4","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["BentoML"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00011,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}