CVE-2026-44346
Analyzed Analyzed - Analysis Complete
Newline Injection in BentoML Dockerfile RUN Directives

Publication date: 2026-05-27

Last updated on: 2026-06-02

Assigner: GitHub, Inc.

Description
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs[*].name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentoml containerize on the imported bento, those RUN directives execute on the host during docker build. This vulnerability is fixed in 1.4.39.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-06-02
Generated
2026-06-17
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-44346
EUVD
EUVD-2026-32609
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
bentoml bentoml to 1.4.39 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability enables remote code execution on the victim's build host, which can lead to unauthorized access, data exfiltration, and compromise of system integrity and availability.

Such impacts can affect compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data, maintaining confidentiality, integrity, and availability of systems, and preventing unauthorized access.

If exploited, this vulnerability could result in breaches of personal or protected health information, thereby violating these regulations and potentially leading to legal and financial consequences.

Detection Guidance

This vulnerability can be detected by inspecting the bentofile.yaml files used in your BentoML projects for suspicious or newline-injected values in the envs[*].name fields. Since the issue arises during the docker build process triggered by the bentoml containerize command, monitoring or logging the Docker build commands and outputs for unexpected RUN directives can also help detect exploitation attempts.

Suggested commands to help detect this vulnerability include:

  • Manually inspect bentofile.yaml files for newline or shell metacharacters in envs[*].name fields, e.g., using grep:
  • grep -P '\n|;|&&|\|' bentofile.yaml
  • Check Docker build logs for unexpected RUN commands executed during bentoml containerize:
  • docker build --no-cache --progress=plain .
  • Monitor running containers or hosts for suspicious processes spawned during docker build.

Additionally, ensure your BentoML version is updated to 1.4.39 or later to mitigate this vulnerability.

Executive Summary

This vulnerability exists in the BentoML Python library versions prior to 1.4.39. It occurs when a malicious bentofile.yaml file contains a newline-injected value in the envs[*].name field. This injection causes the BentoML-generated Dockerfile to include unquoted RUN directives. When a user runs the bentoml containerize command on the imported bento, these RUN directives are executed on the host machine during the Docker build process.

Impact Analysis

The vulnerability can lead to remote code execution on the host machine during the Docker build process. Because the injected RUN directives execute with the privileges of the user running the build, an attacker can execute arbitrary commands, potentially compromising the host system's confidentiality, integrity, and availability.

Mitigation Strategies

To mitigate this vulnerability, upgrade BentoML to version 1.4.39 or later, where the issue has been fixed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44346. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart