CVE-2026-44345
BaseFortify
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bentoml | bentoml | to 1.4.39 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the BentoML Python library versions prior to 1.4.39. The issue is in the way the library processes the docker.base_image value in the bento.yaml configuration file. Specifically, the value is interpolated into a Dockerfile template without any escaping, newline filtering, or validation.
A maliciously crafted bento.yaml file can include a multi-line docker.base_image value that injects arbitrary Dockerfile directives. When BentoML runs the containerize command, it generates a Dockerfile that includes these injected directives and then executes docker build. This causes the injected RUN commands to be executed on the host machine, potentially allowing an attacker to run arbitrary code.
This vulnerability was fixed in BentoML version 1.4.39.
How can this vulnerability impact me? :
This vulnerability can have severe impacts because it allows an attacker to execute arbitrary commands on the host system where the BentoML containerization process is run.
- Remote code execution on the host machine without requiring privileges.
- Potential full compromise of the host system, including data theft, system manipulation, or further attacks.
- Disruption of services running on the host due to malicious commands.
- Loss of confidentiality, integrity, and availability of the affected system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade BentoML to version 1.4.39 or later, where the issue has been fixed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by inspecting the contents of the bento.yaml files used in your BentoML deployments, specifically checking the docker.base_image field for multi-line values or suspicious newline characters that could indicate an attempt to inject Dockerfile directives.
You can also monitor the Docker build process triggered by bentoml containerize for unexpected RUN commands or other Dockerfile instructions that do not match the expected base image usage.
Suggested commands to help detect this vulnerability include:
- Use grep or similar tools to find multi-line or suspicious docker.base_image entries in bento.yaml files: grep -Pzo 'docker\.base_image:.*\n.+' bento.yaml
- Check for newline characters or unusual whitespace in the docker.base_image field: grep -E '\\n|\r' bento.yaml
- Monitor Docker build logs for unexpected RUN commands during bentoml containerize execution.
- Audit the version of BentoML in use and ensure it is updated to 1.4.39 or later, where this vulnerability is fixed.