CVE 8.8 HIGH

BentoML: Dockerfile command injection via envs[*].name in bentofile.yaml_CVE-2026-44346

May 27, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs[*].name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentoml containerize on the imported bento, those RUN directives execute on the host during docker build. This vulnerability is fixed in 1.4.39.

AI Analysis

Dockerfile command injection via envs[*].name in bentofile.yaml

Basic Information

ID CVE-2026-44346

Source GitHub_M

Published May 27, 2026 at 17:22

Affected Product

Vendor bentoml

Product BentoML

Version < 1.4.39

Affected Versions bentoml BentoML < 1.4.39

CWE Classification

CWE-78 CWE-94

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor BentoML

Product BentoML

Version < 1.4.39

References

github.com /bentoml/BentoML/security/advisories/GHSA-w2pm-x38x-jp44

{
    "lastseen": "",
    "description": "BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs[*].name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentoml containerize on the imported bento, those RUN directives execute on the host during docker build. This vulnerability is fixed in 1.4.39.",
    "published": "2026-05-27T17:22:47.101Z",
    "modified": "2026-05-27T17:22:47.101Z",
    "type": "cve",
    "title": "BentoML: Dockerfile command injection via envs[*].name in bentofile.yaml",
    "source": "GitHub_M",
    "references": "https://github.com/bentoml/BentoML/security/advisories/GHSA-w2pm-x38x-jp44",
    "id": "CVE-2026-44346",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "bentoml BentoML < 1.4.39",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BentoML",
    "version": "< 1.4.39",
    "vendor": "bentoml",
    "ai_description": "Dockerfile command injection via envs[*].name in bentofile.yaml",
    "ai_severity": "High",
    "ai_vendor": "BentoML",
    "ai_product": "BentoML",
    "ai_version": "< 1.4.39",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply