CVE-2026-44346

Source
https://cve.org/CVERecord?id=CVE-2026-44346
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44346.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-44346
Aliases
Published
2026-05-27T17:22:47.101Z
Modified
2026-07-08T08:13:28.160634893Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
BentoML: Dockerfile command injection via envs[*].name in bentofile.yaml
Details

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs[*].name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentoml containerize on the imported bento, those RUN directives execute on the host during docker build. This vulnerability is fixed in 1.4.39.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44346.json",
    "cwe_ids": [
        "CWE-78",
        "CWE-94"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/bentoml/bentoml

Affected ranges

Type
GIT
Repo
https://github.com/bentoml/bentoml
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:bentoml:bentoml:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.4.39"
        }
    ]
}

Affected versions

0.*
0.0.5-alpha
0.0.8.post1-beta
0.1.1-beta
0.1.2-beta
0.2.0-beta
0.2.1-beta
bentoml-release-v0.*
bentoml-release-v0.3.3
bentoml-release-v0.3.4
v0.*
v0.10.0
v0.10.1
v0.11.0
v0.12.0
v0.12.1
v0.13.0
v0.13.1
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.4.8
v0.4.9
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.7
v0.7.8
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.9.0
v0.9.0.pre
v0.9.1
v0.9.2
v1.*
v1.0.0
v1.0.0-a1
v1.0.0-a2
v1.0.0-a3
v1.0.0-a4
v1.0.0-a5
v1.0.0-a6
v1.0.0-a7
v1.0.0-dev0
v1.0.0-rc0
v1.0.0-rc1
v1.0.0-rc2
v1.0.0-rc3
v1.0.0rc2
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.14
v1.0.15
v1.0.16
v1.0.17
v1.0.18
v1.0.19
v1.0.2
v1.0.20
v1.0.21
v1.0.22
v1.0.23
v1.0.24
v1.0.25
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.1
v1.1.10
v1.1.11
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.1.7
v1.1.8
v1.1.9
v1.2.0
v1.2.1
v1.2.10
v1.2.11
v1.2.12
v1.2.13
v1.2.14
v1.2.15
v1.2.16
v1.2.17
v1.2.18
v1.2.19
v1.2.1a1
v1.2.2
v1.2.20
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.2.8
v1.2.9
v1.3.0
v1.3.1
v1.3.10
v1.3.11
v1.3.12
v1.3.13
v1.3.14
v1.3.15
v1.3.16
v1.3.17
v1.3.18
v1.3.19
v1.3.2
v1.3.20
v1.3.21
v1.3.22
v1.3.3
v1.3.4
v1.3.4post1
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.3.9
v1.4.0
v1.4.0a1
v1.4.0a2
v1.4.1
v1.4.10
v1.4.11
v1.4.12
v1.4.13
v1.4.14
v1.4.15
v1.4.16
v1.4.17
v1.4.18
v1.4.19
v1.4.2
v1.4.20
v1.4.21
v1.4.22
v1.4.23
v1.4.24
v1.4.25
v1.4.26
v1.4.27
v1.4.28
v1.4.29
v1.4.3
v1.4.30
v1.4.31
v1.4.32
v1.4.33
v1.4.34
v1.4.35
v1.4.36
v1.4.38
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4.8

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44346.json"