Bentoml
AI Threat Alert tracks 5 known AI/ML vulnerabilities affecting Bentoml products — each enriched with CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis. Browse every Bentoml CVE below, sorted by severity and recency.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2026-27905 | bentoml: security flaw enables exploitation | bentoml | 7.8 |
| CRITICAL | CVE-2025-27520 | BentoML: unauthenticated RCE via insecure deserialization | bentoml | 9.8 |
| CRITICAL | CVE-2025-32375 | BentoML: RCE via insecure deserialization in runner | bentoml | 9.8 |
| CRITICAL | CVE-2025-54381 | BentoML: unauthenticated SSRF via file upload URLs | bentoml | 9.9 |
| MEDIUM | CVE-2026-24123 | bentoml: Path Traversal enables file access | bentoml | 6.5 |
Frequently asked questions
How many known vulnerabilities affect Bentoml?
5 AI/ML CVEs affecting Bentoml products are tracked, sourced from NVD and GitHub Advisory.
What Bentoml products are affected?
The CVEs below map to the Bentoml AI/ML packages and tools tracked by AI Threat Alert; open any CVE to see the affected components and versions.
Where does the Bentoml vulnerability data come from?
Data is sourced from NVD and GitHub Advisory, then enriched with CVSS severity, EPSS exploit probability, and patch status for each CVE.
How can I monitor Bentoml for new vulnerabilities?
AI Threat Alert tracks Bentoml continuously; a Pro subscription adds breaking alerts when new CVEs affecting Bentoml are published.
How do I assess Bentoml's security exposure?
Each CVE below carries CVSS severity and exploitation signals, so you can review the highest-severity Bentoml issues first and judge the exposure for your stack.