CVE-2026-44346 HIGH

CVE-2026-44346: BentoML: Dockerfile command injection via envs[*].name in bentofile.yaml

Vendor Bentoml

Product BentoML

Weakness CWE-78

Published May 27, 2026

Last update May 28, 2026

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs[*].name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentoml containerize on the imported bento, those RUN directives execute on the host during docker build. This vulnerability is fixed in 1.4.39.

Key dates

02Disclosure timeline

May 27, 2026 CVE published

May 28, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-44346 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

CVE-2026-44346: BentoML: Dockerfile command injection via envs[*].name in bentofile.yaml

01Description

02Disclosure timeline

03References

04Related CVE