CVE-2026-40610

Name of the Vulnerable Software and Affected Versions BentoML versions prior to 1.4.39

Description The bentoml build packaging workflow follows attacker-controlled symlinks within the build context and copies the referenced file contents into the generated Bento artifact. This occurs because the system does not validate if the resolved path of a file remains inside the build context before dereferencing the source path. An attacker can place a symlink pointing to sensitive local files on the build host, such as cloud credentials, SSH keys, API tokens, or environment files. When the build process runs, these files are packaged into the Bento artifact and can be further leaked through export, push, or containerization workflows.

Recommendations Update to version 1.4.39.