CVE-2026-24123: BentoML has a Path Traversal via Bentofile Configuration

January 26, 2026 (updated January 29, 2026)

BentoML’s bentofile.yaml configuration allows path traversal attacks through multiple file path fields (description, docker.setup_script, docker.dockerfile_template, conda.environment_yml). An attacker can craft a malicious bentofile that, when built by a victim, exfiltrates arbitrary files from the filesystem into the bento archive. This enables supply chain attacks where sensitive files (SSH keys, credentials, environment variables) are silently embedded in bentos and exposed when pushed to registries or deployed.

References

github.com/advisories/GHSA-6r62-w2q3-48hf
github.com/bentoml/BentoML
github.com/bentoml/BentoML/commit/84d08cfeb40c5f2ce71b3d3444bbaa0fb16b5ca4
github.com/bentoml/BentoML/releases/tag/v1.4.34
github.com/bentoml/BentoML/security/advisories/GHSA-6r62-w2q3-48hf
nvd.nist.gov/vuln/detail/CVE-2026-24123

Code Behaviors & Features

Detect and mitigate CVE-2026-24123 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →