CVE-2026-33744

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-33744

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33744.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-33744

Aliases

Published

2026-03-27T00:45:08.108Z

Modified

2026-05-20T11:56:02.713553421Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml

Details

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.system_packages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since system_packages is semantically a list of OS package names (data), users do not expect values to be interpreted as shell commands. A malicious bentofile.yaml achieves arbitrary command execution during bentoml containerize / docker build. Version 1.4.37 fixes the issue.

Database specific

{
    "cwe_ids": [
        "CWE-94"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33744.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/bentoml/bentoml

Affected ranges

Type

GIT

Repo

https://github.com/bentoml/bentoml

Events

Introduced

Fixed

0772581584e76d3bd8211841fbb7c856fb350043

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.4.37"
        }
    ]
}

Affected versions

0.*

0.0.5-alpha

0.0.8.post1-beta

0.1.1-beta

0.1.2-beta

0.2.0-beta

0.2.1-beta

bentoml-release-v0.*

bentoml-release-v0.3.3

bentoml-release-v0.3.4

v0.*

v0.10.0

v0.10.1

v0.11.0

v0.12.0

v0.12.1

v0.13.0

v0.13.1

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.4.5

v0.4.6

v0.4.7

v0.4.8

v0.4.9

v0.5.0

v0.5.1

v0.5.2

v0.5.3

v0.5.4

v0.5.5

v0.5.6

v0.5.7

v0.5.8

v0.6.0

v0.6.1

v0.6.2

v0.6.3

v0.7.0

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v0.7.5

v0.7.7

v0.7.8

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.8.4

v0.8.5

v0.8.6

v0.9.0

v0.9.0.pre

v0.9.1

v0.9.2

v1.*

v1.0.0

v1.0.0-a1

v1.0.0-a2

v1.0.0-a3

v1.0.0-a4

v1.0.0-a5

v1.0.0-a6

v1.0.0-a7

v1.0.0-dev0

v1.0.0-rc0

v1.0.0-rc1

v1.0.0-rc2

v1.0.0-rc3

v1.0.0rc2

v1.0.10

v1.0.11

v1.0.12

v1.0.13

v1.0.14

v1.0.15

v1.0.16

v1.0.17

v1.0.18

v1.0.19

v1.0.2

v1.0.20

v1.0.21

v1.0.22

v1.0.23

v1.0.24

v1.0.25

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9

v1.1.0

v1.1.1

v1.1.10

v1.1.11

v1.1.2

v1.1.3

v1.1.4

v1.1.5

v1.1.6

v1.1.7

v1.1.8

v1.1.9

v1.2.0

v1.2.1

v1.2.10

v1.2.11

v1.2.12

v1.2.13

v1.2.14

v1.2.15

v1.2.16

v1.2.17

v1.2.18

v1.2.19

v1.2.1a1

v1.2.2

v1.2.20

v1.2.3

v1.2.4

v1.2.5

v1.2.6

v1.2.7

v1.2.8

v1.2.9

v1.3.0

v1.3.1

v1.3.10

v1.3.11

v1.3.12

v1.3.13

v1.3.14

v1.3.15

v1.3.16

v1.3.17

v1.3.18

v1.3.19

v1.3.2

v1.3.20

v1.3.21

v1.3.22

v1.3.3

v1.3.4

v1.3.4post1

v1.3.5

v1.3.6

v1.3.7

v1.3.8

v1.3.9

v1.4.0

v1.4.0a1

v1.4.0a2

v1.4.1

v1.4.10

v1.4.11

v1.4.12

v1.4.13

v1.4.14

v1.4.15

v1.4.16

v1.4.17

v1.4.18

v1.4.19

v1.4.2

v1.4.20

v1.4.21

v1.4.22

v1.4.23

v1.4.24

v1.4.25

v1.4.26

v1.4.27

v1.4.28

v1.4.29

v1.4.3

v1.4.30

v1.4.31

v1.4.32

v1.4.33

v1.4.34

v1.4.35

v1.4.36

v1.4.4

v1.4.5

v1.4.6

v1.4.7

v1.4.8

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33744.json"