CVE-2026-15035 in OpenLLMinfo

Summary

by MITRE • 07/08/2026

A vulnerability was found in bentoml OpenLLM 0.6.30. This affects the function async_run_command of the file src/openllm/common.py of the component Model Repository Directory Name Handler. Performing a manipulation of the argument cmd results in command injection. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 07/08/2026

This vulnerability resides within the bentoml OpenLLM framework version 0.6.30, specifically targeting the async_run_command function located in src/openllm/common.py. The flaw manifests as a command injection vulnerability that occurs when manipulating the cmd argument parameter within the Model Repository Directory Name Handler component. This represents a critical security weakness that allows adversaries to execute arbitrary commands on the system where the application is running.

The technical implementation of this vulnerability stems from insufficient input validation and sanitization within the command execution flow. When the async_run_command function processes user-supplied input through the cmd parameter, it fails to properly escape or validate special characters that could alter the intended command structure. This allows attackers to inject malicious commands that get executed with the privileges of the application process, potentially leading to full system compromise when combined with local attack vectors.

From an operational perspective, this vulnerability requires local access to exploit, which limits its immediate impact but does not eliminate the risk entirely. The fact that a public exploit exists significantly increases the threat surface, as any local user or attacker with access to the system can leverage this flaw. The delayed response from the project maintainers creates additional concern, as it suggests potential gaps in vulnerability management processes and could leave users exposed for extended periods without remediation.

The vulnerability aligns with CWE-78, which specifically addresses OS Command Injection, and maps to ATT&CK technique T1059.003 for command and script injection. This classification indicates that the flaw enables adversaries to execute commands through system interfaces, potentially leading to privilege escalation, data exfiltration, or system persistence mechanisms. The local requirement for exploitation suggests this vulnerability may be particularly concerning in environments where multiple users share the same system or where privilege escalation opportunities exist.

Organizations should immediately implement mitigations including input validation and sanitization of all command parameters, restricting local access privileges where possible, and monitoring for suspicious command execution patterns. The project maintainers must prioritize patch development and deployment while implementing proper security review processes to prevent similar vulnerabilities in future releases. Additionally, users should consider temporary workarounds such as disabling affected functionality until patches are available, while also establishing incident response procedures to detect potential exploitation attempts through system logs and audit trails.

Responsible

VulDB

Disclosure

07/08/2026

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00000

KEV

no

Activities

low

Sources

Want to know what is going to be exploited?

We predict KEV entries!