BentoML Patches Critical Symlink Traversal Flaw in Build Pipeline via Security Update to v1.4.39

BentoML has released version 1.4.39 as a security-patched update addressing a critical information disclosure vulnerability tracked as CVE-2026-40610 (GHSA-mcfx-4vc6-qgxv). The flaw resides in the `bentoml build` packaging workflow, where an attacker-controlled symlink traversal within the build context could enable unauthorized file access during the build process. The OpenSSF Scorecard indicates the BentoML project maintains an active security posture, with the update moving from patch version 1.4.38 to 1.4.39.

The vulnerability specifically targets symlink handling logic in BentoML's build context processing. When `bentoml build` constructs a deployment package, it processes files referenced within the build context. If an attacker can inject or control symlinks pointing to files outside the intended directory structure, the build workflow would follow those links and copy the referenced content—potentially exposing sensitive files such as credentials, configuration data, or internal artifacts not meant for inclusion in the final package.

The disclosure raises concerns for organizations using BentoML in automated CI/CD pipelines or multi-tenant environments where untrusted users may influence build configurations. Affected teams should prioritize upgrading to version 1.4.39 immediately. Users are advised to audit existing build contexts for unexpected symlinks and review access controls around project dependency handling. The BentoML project maintains a dependency dashboard for tracking ongoing security-relevant updates across its dependency chain.