CVE-2026-44345
Analyzed Analyzed - Analysis Complete
Dockerfile Directive Injection in BentoML

Publication date: 2026-05-27

Last updated on: 2026-06-02

Assigner: GitHub, Inc.

Description
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/_internal/container/frontend/dockerfile/templates/base_v2.j2 interpolates docker.base_image raw with no escaping, newline filtering, or validation. A malicious bento.yaml with a multi-line docker.base_image value smuggles arbitrary Dockerfile directives into the generated Dockerfile, and bentoml containerize then runs docker build which executes the injected RUN directives on the victim host. This vulnerability is fixed in 1.4.39.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-06-02
Generated
2026-06-17
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-44345
EUVD
EUVD-2026-32610
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
bentoml bentoml to 1.4.39 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the BentoML Python library versions prior to 1.4.39. The issue is in the way the library processes the docker.base_image value in the bento.yaml configuration file. Specifically, the value is interpolated into a Dockerfile template without any escaping, newline filtering, or validation.

A maliciously crafted bento.yaml file can include a multi-line docker.base_image value that injects arbitrary Dockerfile directives. When BentoML runs the containerize command, it generates a Dockerfile that includes these injected directives and then executes docker build. This causes the injected RUN commands to be executed on the host machine, potentially allowing an attacker to run arbitrary code.

This vulnerability was fixed in BentoML version 1.4.39.

Impact Analysis

This vulnerability can have severe impacts because it allows an attacker to execute arbitrary commands on the host system where the BentoML containerization process is run.

  • Remote code execution on the host machine without requiring privileges.
  • Potential full compromise of the host system, including data theft, system manipulation, or further attacks.
  • Disruption of services running on the host due to malicious commands.
  • Loss of confidentiality, integrity, and availability of the affected system.
Mitigation Strategies

To mitigate this vulnerability, upgrade BentoML to version 1.4.39 or later, where the issue has been fixed.

Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability can be detected by inspecting the contents of the bento.yaml files used in your BentoML deployments, specifically checking the docker.base_image field for multi-line values or suspicious newline characters that could indicate an attempt to inject Dockerfile directives.

You can also monitor the Docker build process triggered by bentoml containerize for unexpected RUN commands or other Dockerfile instructions that do not match the expected base image usage.

Suggested commands to help detect this vulnerability include:

  • Use grep or similar tools to find multi-line or suspicious docker.base_image entries in bento.yaml files: grep -Pzo 'docker\.base_image:.*\n.+' bento.yaml
  • Check for newline characters or unusual whitespace in the docker.base_image field: grep -E '\\n|\r' bento.yaml
  • Monitor Docker build logs for unexpected RUN commands during bentoml containerize execution.
  • Audit the version of BentoML in use and ensure it is updated to 1.4.39 or later, where this vulnerability is fixed.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44345. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart