{"data":{"id":"adcb521f-8a86-47a7-8cbe-59d6f4dc71be","title":"GHSA-mcfx-4vc6-qgxv: BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context","summary":"BentoML's `bentoml build` command has a symlink traversal vulnerability (following attacker-controlled symbolic links, which are shortcuts to files) that allows attackers to copy files from outside the build directory into the generated Bento artifact (the packaged application). If a developer builds an untrusted repository, an attacker can hide a symlink pointing to sensitive files like credentials or API tokens, and these files will be copied into the final package where they could be leaked through export or upload workflows.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-mcfx-4vc6-qgxv","publishedAt":"2026-05-07T16:39:47.000Z","cveId":"CVE-2026-40610","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["bentoml@<= 1.4.38 (fixed: 1.4.39)"],"affectedVendors":[],"affectedVendorsRaw":["BentoML"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-07T16:39:47.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":["AML.T0010"]}}