GHSA-mcfx-4vc6-qgxv: BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context
Summary
The `bentoml build` command follows symbolic links in the build context without checking where they resolve. A repository can therefore contain a symlink whose target lies outside the build directory, and the target's contents are copied into the generated Bento (the packaged application) as if they were part of the project. If a developer builds an untrusted repository, an attacker who controls it can plant a symlink to a sensitive file on the developer's machine, such as a credentials file or an API token, and that file ends up inside the Bento, from where it can leak through export or upload workflows. The copy happens at build time on the machine running `bentoml build`, so the attacker needs nothing beyond getting the developer to build the repository.
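The traversal described above, as an added example that is not BentoML's code: a naive build-context copy that dereferences symlinks (the pattern the advisory describes) beside a hardened copy that resolves every link against the build root and rejects any whose target escapes it. The directory layout, the secret file, the function names and the `BuildContextError` type are all constructed for this demonstration.

```python
"""Symlink traversal in a build-context copy step, and a hardened variant.

Added example: not BentoML's code. Paths, file contents and function names are
constructed for the demonstration.
"""
import os
import shutil
import tempfile
from pathlib import Path


class BuildContextError(Exception):
    """A symlink in the build context points outside the build root (or dangles)."""


def copy_context_naive(src: Path, dst: Path) -> list[str]:
    """Vulnerable pattern: copytree(symlinks=False) dereferences every symlink,
    so the bytes of whatever a link points at are written into the artifact."""
    shutil.copytree(src, dst, symlinks=False)
    return sorted(str(p.relative_to(dst)) for p in dst.rglob("*") if p.is_file())


def _resolve_inside(entry: Path, root: Path) -> Path:
    """Return entry's final target, or raise if it dangles or escapes root."""
    try:
        target = entry.resolve(strict=True)
    except FileNotFoundError as exc:
        raise BuildContextError(f"dangling symlink in build context: {entry}") from exc
    if not target.is_relative_to(root):
        raise BuildContextError(f"symlink {entry} escapes build root: -> {target}")
    return target


def copy_context_safe(src: Path, dst: Path) -> list[str]:
    """Hardened copy in two phases: validate every symlink against the resolved
    build root first, then copy, so a rejected context leaves no partial artifact.
    Symlinks that stay inside the root are copied as their target's content;
    symlinked directories inside the root are skipped because their real path is
    walked anyway."""
    root = src.resolve(strict=True)
    plan: list[tuple[Path, Path]] = []  # (relative destination, real source file)
    for dirpath, dirnames, filenames in os.walk(src, followlinks=False):
        cur = Path(dirpath)
        rel_dir = cur.relative_to(src)
        for name in dirnames:
            entry = cur / name
            if entry.is_symlink():
                _resolve_inside(entry, root)  # must stay inside; contents come via the real path
        for name in filenames:
            entry = cur / name
            source = _resolve_inside(entry, root) if entry.is_symlink() else entry
            if not source.is_file():
                raise BuildContextError(f"{entry} is not a regular file")
            plan.append((rel_dir / name, source))
    dst.mkdir(parents=True, exist_ok=True)
    for rel, source in plan:
        (dst / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(source, dst / rel)
    return sorted(str(rel) for rel, _ in plan)


def demo() -> dict:
    """Constructed scenario: an untrusted repository that contains one legitimate
    in-tree symlink and one symlink to a secret outside the build context."""
    with tempfile.TemporaryDirectory() as tmpdir:
        tmp = Path(tmpdir)
        secret = tmp / "home" / ".aws" / "credentials"
        secret.parent.mkdir(parents=True)
        secret.write_text("aws_secret_access_key = CONSTRUCTED-NOT-A-REAL-KEY\n")

        repo = tmp / "untrusted_repo"
        repo.mkdir()
        (repo / "service.py").write_text("# constructed service module\n")
        os.symlink("service.py", repo / "alias.py")  # stays inside the context: fine
        os.symlink(secret, repo / "leak")            # attacker-planted: points outside

        naive_files = copy_context_naive(repo, tmp / "bento_naive")
        naive_leaked = (tmp / "bento_naive" / "leak").read_text() == secret.read_text()

        try:
            copy_context_safe(repo, tmp / "bento_safe")
            safe_rejected = False
        except BuildContextError:
            safe_rejected = True
        partial_artifact = (tmp / "bento_safe").exists()

        (repo / "leak").unlink()  # drop the offending link and the hardened copy succeeds
        safe_files = copy_context_safe(repo, tmp / "bento_safe_clean")

    return {
        "naive_files": naive_files,
        "naive_leaked": naive_leaked,
        "safe_rejected": safe_rejected,
        "partial_artifact": partial_artifact,
        "safe_files": safe_files,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check that matters is `target.is_relative_to(root)` on the fully resolved path, not a string-prefix test on the raw link value: a relative link such as `../../home/.aws/credentials`, an absolute link, or a chain of links all collapse to the same question of where the final target lives. Resolving the root as well keeps the comparison honest on systems where the temp directory is itself a symlink. The validate-then-copy split is a deliberate choice so that a rejected context produces no half-written artifact; it does not defend against a concurrent writer swapping a link between the two phases, which is a separate concern from the untrusted-repository scenario in the advisory.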
Vulnerability Details
EPSS: 0.0%
May 7, 2026
Original source: https://github.com/advisories/GHSA-mcfx-4vc6-qgxv
First tracked: May 7, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 95%