PT-2026-22843 · Bentoml · Bentoml

Q1Uf3Ng · Published 2026-03-03 · Updated 2026-03-25 · CVE-2026-27905

CVSS v4.0: 8.6 (High)
AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: BentoML versions prior to 1.4.36

Description: BentoML is a Python library used for building online serving systems for AI applications and model inference. The `safe_extract_tarfile()` function does not fully validate symlink targets within tar files, potentially allowing an attacker to write arbitrary files on the host filesystem. Specifically, the function validates the symlink's own path but not the path to which the symlink points. An attacker can create a malicious tar file containing a symlink that points outside the intended extraction directory, followed by a file that, when extracted, writes data through the symlink to a location outside the extraction directory.

Recommendations: Update BentoML to version 1.4.36 or later.
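As an added example (not BentoML's own code), here is a defender-side audit of tar members that checks where each link points, not only the link's own path, which is the check the advisory describes as missing. It assumes an extraction root of /srv/bento/extract and builds a constructed in-memory archive to show both the escaping symlink and the file written through it being rejected.

```python
import io
import os
import tarfile

DEST = "/srv/bento/extract"  # assumed extraction root, not a BentoML path


def _inside(dest, path):
    """True when dest/path, after normalisation, still lies under dest."""
    root = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(root, path))
    return os.path.commonpath([root, target]) == root


def audit_tar(tar, dest=DEST):
    """Return (member, reason) for each member that would escape dest: the member
    path AND the link target (symlink: relative to the link's dir; hardlink: archive root)."""
    findings, bad_links = [], []
    for m in tar.getmembers():
        if not _inside(dest, m.name):
            findings.append((m.name, "path escapes destination"))
        elif m.issym() and not _inside(dest, os.path.join(os.path.dirname(m.name), m.linkname)):
            findings.append((m.name, f"symlink target escapes destination: {m.linkname}"))
            bad_links.append(m.name)
        elif m.islnk() and not _inside(dest, m.linkname):
            findings.append((m.name, f"hardlink target escapes destination: {m.linkname}"))
        elif any(m.name.startswith(b + "/") for b in bad_links):
            findings.append((m.name, "written through a rejected symlink"))
    return findings


def build_sample_tar():
    """Constructed in-memory archive (not from the advisory): a symlink whose own path
    is fine but whose target leaves dest, a file written through it, then a benign file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        link = tarfile.TarInfo("models/current")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../outside"
        tar.addfile(link)
        payload = b"lands outside the extraction directory\n"
        through = tarfile.TarInfo("models/current/config.yaml")
        through.size = len(payload)
        tar.addfile(through, io.BytesIO(payload))
        tar.addfile(tarfile.TarInfo("models/README"))  # benign, size 0
    buf.seek(0)
    return buf


def audit_sample():
    with tarfile.open(fileobj=build_sample_tar(), mode="r") as tar:
        return audit_tar(tar)
```

Python 3.12+ provides the same protection natively through `tarfile`'s `filter="data"` (PEP 706), which refuses links whose target leaves the destination.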

Fix

Weakness Enumeration

Path traversal
Link Following

Related Identifiers

CVE-2026-27905
GHSA-M6W7-QV66-G3MF

Affected Products

Bentoml