What is the CVSS score of CVE-2026-24123?

CVE-2026-24123 has a CVSS 3.1 base score of 7.4 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Python are affected by CVE-2026-24123?

A HIGH severity vulnerability (CVE-2026-24123) affects BentoML, a Python library used for AI model serving infrastructure.. A patch is available.

How to fix or mitigate CVE-2026-24123?

Within 24 hours: Identify all systems and applications using BentoML and assess their criticality and internet exposure. Within 7 days: Apply the available vendor patch to all affected BentoML instances, prioritizing production and customer-facing systems. Within 30 days: Conduct post-patch validation testing and update vulnerability management records to confirm remediation across the entire inventory.

Python CVE-2026-24123

HIGH

Path Traversal (CWE-22)

2026-01-26 security-advisories@github.com

GHSA-6r62-w2q3-48hf

Python Docker Path Traversal AI / ML Bentoml

7.4

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

7.4 HIGH

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:00 vuln.today

Patch released

Feb 03, 2026 - 15:07 nvd

Patch available

CVE Published

Jan 26, 2026 - 23:16 nvd

HIGH 7.4

DescriptionGitHub Advisory

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to version 1.4.34, BentoML's bentofile.yaml configuration allows path traversal attacks through multiple file path fields (description, docker.setup_script, docker.dockerfile_template, conda.environment_yml). An attacker can craft a malicious bentofile that, when built by a victim, exfiltrates arbitrary files from the filesystem into the bento archive. This enables supply chain attacks where sensitive files (SSH keys, credentials, environment variables) are silently embedded in bentos and exposed when pushed to registries or deployed. Version 1.4.34 contains a patch for the issue.

AnalysisAI

BentoML versions prior to 1.4.34 allow path traversal attacks through improperly validated file path fields in bentofile.yaml configurations, enabling attackers to embed arbitrary files from the victim's system into bento archives during the build process. This vulnerability can be exploited to exfiltrate sensitive data such as credentials, SSH keys, and environment variables into supply chain artifacts that may be pushed to registries or deployed in production environments. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Craft malicious bentofile.yaml with path traversal payloads

Delivery

Distribute bentofile to victim developer

Exploit

Victim builds bento archive via BentoML

Execution

Arbitrary files exfiltrated into archive

Impact

Sensitive credentials exposed in supply chain

Access

Craft malicious bentofile.yaml with path traversal payloads

Delivery

Distribute bentofile to victim developer

Exploit

Victim builds bento archive via BentoML

Execution

Arbitrary files exfiltrated into archive

Impact

Sensitive credentials exposed in supply chain

Vulnerability AssessmentAI

Exploitation	Victim must build a BentoML project using attacker-controlled bentofile.yaml containing path traversal sequences in path fields (description, docker.setup_script, docker.dockerfile_template, conda.environment_yml). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 7.4 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker could exploit this vulnerability to compromise the affected system.
Remediation	A vendor patch is available — apply it immediately. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems and applications using BentoML and assess their criticality and internet exposure. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-48039 CRITICAL Act Now POC

9.1 Jun 11

Unauthenticated remote attackers can invoke MCP tool handlers and exfiltrate the operator's long-lived Meta Graph API ac

CVE-2026-53753 CRITICAL Act Now

9.8 Jun 16

Unauthenticated remote code execution in Crawl4AI versions <= 0.8.6 allows attackers to escape the AST-based sandbox in

CVE-2026-48519 CRITICAL Act Now

9.6 Jun 16

Remote code execution in Langflow versions through 1.9.1 allows unauthenticated attackers to execute arbitrary Python co

CVE-2026-45833 CRITICAL Act Now

9.4 Jun 12

Authenticated remote code execution in ChromaDB Python project versions 0.4.17 and later enables attackers holding the U

CVE-2026-47103 CRITICAL Act Now

9.3 Jun 17

Remote code execution in python-statemachine 3.0.0 through 3.1.x allows attackers to run arbitrary Python in the host pr

CVE-2026-24123 vulnerability details – vuln.today

Back

Python CVE-2026-24123

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Share

External POC / Exploit Code