Skip to main content

OpenLLM EUVDEUVD-2026-42271

| CVE-2026-15035 LOW
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
2026-07-08 cna@vuldb.com GHSA-6499-56p8-f7rq
1.9
CVSS 4.0 · Vendor: vuldb

Severity by source

Vendor (vuldb) PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.3 MEDIUM

Local attack requiring low-privilege credentials with no scope change and limited Low-bounded impact across all three pillars.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (vuldb).

CVSS VectorVendor: vuldb

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 08, 2026 - 14:57 vuln.today

DescriptionCVE.org

A vulnerability was found in bentoml OpenLLM 0.6.30. This affects the function async_run_command of the file src/openllm/common.py of the component Model Repository Directory Name Handler. Performing a manipulation of the argument cmd results in command injection. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Command injection in bentoml OpenLLM 0.6.30 allows local low-privilege users to execute arbitrary shell commands by supplying crafted model repository directory name arguments to the async_run_command function in src/openllm/common.py. A public proof-of-concept exploit is available per the CVSS 4.0 E:P modifier and disclosure notes, though no CISA KEV listing exists and the project had not responded to responsible disclosure at the time of reporting. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local low-privilege access
Delivery
Identify model repository directory name input surface
Exploit
Craft argument with shell metacharacters
Execution
Trigger async_run_command with malicious input
Impact
Execute injected commands at OpenLLM process privilege level

Vulnerability AssessmentAI

Exploitation Exploitation requires local system access with at minimum low-privilege credentials (AV:L/PR:L per the CVSS 4.0 vector) - remote exploitation is not possible based on available data. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk is meaningfully constrained by several converging signals. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user with low-privilege access to a system running OpenLLM 0.6.30 crafts a model repository directory name containing shell metacharacters (e.g., semicolons, backticks, or pipe characters) and supplies it as input to an OpenLLM model management operation. The `async_run_command` function in `src/openllm/common.py` passes the unsanitized argument to a shell or subprocess context, causing injected commands to execute with the privileges of the OpenLLM process. …
Remediation No vendor-released patch has been identified at time of analysis; the OpenLLM project had not responded to the responsible disclosure as of the report date. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42271 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy