## https://sploitus.com/exploit?id=SAINT:A889F4756C4FAE4235980633026931A6
Added: 10/24/2025
CVE: CVE-2024-9070
### Background
BentoML is a Python library for building online serving systems optimized for AI apps and model inference.
### Problem
A deserialization vulnerability in the BentoML runner server allows remote attackers to execute arbitrary commands by sending a specially crafted pickle with an `args-number` value greater than 1.
### Resolution
Upgrade BentoML to a version higher than 1.3.4.post1. Don't run standalone BentoML runner servers.
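One way to check an environment against the version boundary above. This is an added example, not code from the advisory or from BentoML. It assumes the package is installed under the distribution name `bentoml`; the function names are hypothetical, and the comparison implements a subset of PEP 440 ordering (no epochs) so that post-releases such as `1.3.4.post1` sort correctly.

```python
import re
from importlib import metadata

LAST_AFFECTED = "1.3.4.post1"  # boundary taken from the Resolution section

_PEP440 = re.compile(
    r"^v?(?P<rel>\d+(?:\.\d+)*)"
    r"(?:[._-]?(?P<pre>a|b|rc)(?P<pre_n>\d+))?"
    r"(?:[._-]?post(?P<post>\d+))?"
    r"(?:[._-]?dev(?P<dev>\d+))?"
    r"(?:\+[a-z0-9.]+)?$",  # local build tag is ignored (conservative)
    re.IGNORECASE,
)
_PHASE = {"a": 0, "b": 1, "rc": 2}

def sort_key(version: str):
    """Ordering key for a PEP 440 version string (subset: no epochs)."""
    m = _PEP440.match(version.strip())
    if m is None:
        raise ValueError(f"unsupported version string: {version!r}")
    rel = [int(p) for p in m["rel"].split(".")]
    while len(rel) > 1 and rel[-1] == 0:  # 1.3 and 1.3.0 are the same release
        rel.pop()
    pre, post, dev = m["pre"], m["post"], m["dev"]
    if pre:
        pre_key = (_PHASE[pre.lower()], int(m["pre_n"]))
    elif post is None and dev is not None:
        pre_key = (-1, 0)  # X.devN sorts before any pre-release of X
    else:
        pre_key = (3, 0)   # final or post release sorts after rc
    post_key = int(post) if post is not None else -1
    dev_key = int(dev) if dev is not None else float("inf")
    return (tuple(rel), pre_key, post_key, dev_key)

def is_affected(version: str) -> bool:
    """True when version <= LAST_AFFECTED, i.e. not yet past the boundary."""
    return sort_key(version) <= sort_key(LAST_AFFECTED)

def installed_bentoml_status() -> str:
    try:
        found = metadata.version("bentoml")
    except metadata.PackageNotFoundError:
        return "bentoml not installed"
    state = "AFFECTED, upgrade" if is_affected(found) else "not affected"
    return f"bentoml {found}: {state}"

if __name__ == "__main__":
    print(installed_bentoml_status())
```

A plain string comparison would wrongly flag `1.10.0` as older than `1.3.4.post1`, which is why the release segment is compared numerically.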
### References
https://huntr.com/bounties/7be6fc22-be18-44ee-a001-ac7158d5e1a5
### Platforms
Linux