Skip to main content

Openllm

1 CVEs product

Monthly

CVE-2026-15035 PyPI LOW Monitor

Command injection in bentoml OpenLLM 0.6.30 allows local low-privilege users to execute arbitrary shell commands by supplying crafted model repository directory name arguments to the `async_run_command` function in `src/openllm/common.py`. A public proof-of-concept exploit is available per the CVSS 4.0 E:P modifier and disclosure notes, though no CISA KEV listing exists and the project had not responded to responsible disclosure at the time of reporting. The CVSS 4.0 base score of 1.9 reflects a constrained real-world risk profile due to the strictly local attack vector and limited Low-rated confidentiality, integrity, and availability impact.

Command Injection Openllm
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.6%
EPSS 1% CVSS 1.9
LOW Monitor

Command injection in bentoml OpenLLM 0.6.30 allows local low-privilege users to execute arbitrary shell commands by supplying crafted model repository directory name arguments to the `async_run_command` function in `src/openllm/common.py`. A public proof-of-concept exploit is available per the CVSS 4.0 E:P modifier and disclosure notes, though no CISA KEV listing exists and the project had not responded to responsible disclosure at the time of reporting. The CVSS 4.0 base score of 1.9 reflects a constrained real-world risk profile due to the strictly local attack vector and limited Low-rated confidentiality, integrity, and availability impact.

Command Injection Openllm
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy