{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T00:54:40.555","vulnerabilities":[{"cve":{"id":"CVE-2026-27905","sourceIdentifier":"security-advisories@github.com","published":"2026-03-03T23:15:55.897","lastModified":"2026-03-05T21:04:51.123","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.36, the safe_extract_tarfile() function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path, not the symlink's target. An attacker can create a malicious bento/model tar file containing a symlink pointing outside the extraction directory, followed by a regular file that writes through the symlink, achieving arbitrary file write on the host filesystem. This vulnerability is fixed in 1.4.36."},{"lang":"es","value":"BentoML es una librería de Python para construir sistemas de servicio en línea optimizados para aplicaciones de IA e inferencia de modelos. Antes de la versión 1.4.36, la función safe_extract_tarfile() valida que la ruta de cada miembro del archivo tar esté dentro del directorio de destino, pero para los miembros de enlace simbólico solo valida la ruta del propio enlace simbólico, no el objetivo del enlace simbólico. Un atacante puede crear un archivo tar malicioso bento/model que contenga un enlace simbólico que apunte fuera del directorio de extracción, seguido de un archivo regular que escriba a través del enlace simbólico, logrando una escritura de archivo arbitraria en el sistema de archivos del host. Esta vulnerabilidad se corrigió en la versión 1.4.36."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bentoml:bentoml:*:*:*:*:*:*:*:*","versionEndExcluding":"1.4.36","matchCriteriaId":"BDC86E82-4716-43D1-AC14-3934F86B38E8"}]}]}],"references":[{"url":"https://github.com/bentoml/BentoML/commit/4e0eb007765ac04c7924220d643f264715cc9670","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/bentoml/BentoML/security/advisories/GHSA-m6w7-qv66-g3mf","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]}]}}]}