CVE-2026-15035 | bentoml OpenLLM 0.6.30 Model Repository Directory Name src/openllm/common.py async_run_command cmd command injection (Issue 1229)

SecurityVulns

A vulnerability has been found in bentoml OpenLLM 0.6.30 and classified as critical. This affects the function async_run_command of the file src/openllm/common.py of the component Model Repository Directory Name Handler. Performing a manipulation of the argument cmd results in command injection.

This vulnerability is known as CVE-2026-15035. Attacking locally is a requirement. Furthermore, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More