CVE-2026-15035
A vulnerability was found in bentoml OpenLLM 0.6.30. This affects the function async_run_command of the file src/openllm/common.py of the co
CVSS
5.3
Medio
EPSS
1.3%
p68
KEV
—
Exploit Today
20
0-100
Publicado: 8 jul 2026 · Última mod.: 9 jul 2026 · CWE-74 · CWE-77 · CWE-78
0.6%EPSS · 30 días1.3%
2026-07-092026-07-16
A vulnerability was found in bentoml OpenLLM 0.6.30. This affects the function async_run_command of the file src/openllm/common.py of the component Model Repository Directory Name Handler. Performing a manipulation of the argument cmd results in command injection. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
- github.comhttps://github.com/bentoml/OpenLLM/
- github.comhttps://github.com/bentoml/OpenLLM/issues/1229
- github.comhttps://github.com/bentoml/OpenLLM/pull/1235
- vuldb.comhttps://vuldb.com/cve/CVE-2026-15035
- vuldb.comhttps://vuldb.com/submit/850895
- vuldb.comhttps://vuldb.com/vuln/376786
- vuldb.comhttps://vuldb.com/vuln/376786/cti
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-341978.8 ALT99.9%
KEV—80Apache ActiveMQ Improper Input Validation Vulnerability2dCVE-2024-121210.0 CRÍ99.9%
KEV—80Progress Kemp LoadMaster OS Command Injection Vulnerability3dCVE-2022-262589.8 CRÍ99.6%
KEV—80D-Link DIR-820L Remote Code Execution Vulnerability8dCVE-2026-422718.8 ALT99.6%
KEV—80BerriAI LiteLLM Command Injection Vulnerability2dCVE-2021-252988.8 ALT99.5%
KEV—80Nagios XI OS Command Injection8dCVE-2021-252978.8 ALT98.9%
KEV—80Nagios XI OS Command Injection8d