CVE 8.8 HIGH

BentoML: Dockerfile command injection via docker.base_image_CVE-2026-44345

May 27, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/_internal/container/frontend/dockerfile/templates/base_v2.j2 interpolates docker.base_image raw with no escaping, newline filtering, or validation. A malicious bento.yaml with a multi-line docker.base_image value smuggles arbitrary Dockerfile directives into the generated Dockerfile, and bentoml containerize then runs docker build which executes the injected RUN directives on the victim host. This vulnerability is fixed in 1.4.39.

AI Analysis

Dockerfile command injection via docker.base_image

Basic Information

ID CVE-2026-44345

Source GitHub_M

Published May 27, 2026 at 17:24

Modified May 27, 2026 at 18:00

Affected Product

Vendor bentoml

Product BentoML

Version < 1.4.39

Affected Versions bentoml BentoML < 1.4.39

CWE Classification

CWE-78

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor BentoML

Product BentoML

Version < 1.4.39

References

github.com /bentoml/BentoML/security/advisories/GHSA-78f9-r8mh-4xm2

{
    "lastseen": "",
    "description": "BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/_internal/container/frontend/dockerfile/templates/base_v2.j2 interpolates docker.base_image raw with no escaping, newline filtering, or validation. A malicious bento.yaml with a multi-line docker.base_image value smuggles arbitrary Dockerfile directives into the generated Dockerfile, and bentoml containerize then runs docker build which executes the injected RUN directives on the victim host. This vulnerability is fixed in 1.4.39.",
    "published": "2026-05-27T17:24:18.789Z",
    "modified": "2026-05-27T18:00:32.386Z",
    "type": "cve",
    "title": "BentoML: Dockerfile command injection via docker.base_image",
    "source": "GitHub_M",
    "references": "https://github.com/bentoml/BentoML/security/advisories/GHSA-78f9-r8mh-4xm2",
    "id": "CVE-2026-44345",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "bentoml BentoML < 1.4.39",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BentoML",
    "version": "< 1.4.39",
    "vendor": "bentoml",
    "ai_description": "Dockerfile command injection via docker.base_image",
    "ai_severity": "High",
    "ai_vendor": "BentoML",
    "ai_product": "BentoML",
    "ai_version": "< 1.4.39",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply