BentoML runner server deserialization vulnerability

Added: 10/24/2025
CVE: CVE-2024-9070

Background

BentoML is a Python library for building online serving systems optimized for AI apps and model inference.

Problem

A deserialization vulnerability in the BentoML runner server allows remote attackers to execute arbitrary commands by sending a specially crafted pickle with args-number greater than 1.

Resolution

Upgrade BentoML to a version higher than 1.3.4.post1. Don't run standalone BentoML runner servers.

References

https://huntr.com/bounties/7be6fc22-be18-44ee-a001-ac7158d5e1a5

Platforms

Linux

Back to exploit index