CVE-2026-44346
HIGHBentoML: Dockerfile command injection via envs[*].name in bentofile.yaml
Title source: cnaDescription
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs[*].name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentoml containerize on the imported bento, those RUN directives execute on the host during docker build. This vulnerability is fixed in 1.4.39.
References (1)
Core 1
Core References
X_Refsource_Confirm x_refsource_confirm
https://github.com/bentoml/BentoML/security/advisories/GHSA-w2pm-x38x-jp44
Scores
CVSS v3
8.8
EPSS
0.0027
EPSS Percentile
19.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
CWE-94
Status
published
Products (3)
bentoml/bentoml
< 1.4.39
bentoml/BentoML
< 1.4.39
pypi/bentoml
0 - 1.4.39PyPI
Published
May 27, 2026
Tracked Since
May 27, 2026