CVE-2026-44346
Newline Injection in BentoML Dockerfile RUN Directives
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| banzaicloud | bentoml | to 1.4.39 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the BentoML Python library versions prior to 1.4.39. It occurs when a malicious bentofile.yaml file contains a newline-injected value in the envs[*].name field. This injection causes the BentoML-generated Dockerfile to include unquoted RUN directives. When a user runs the bentoml containerize command on the imported bento, these RUN directives are executed on the host machine during the Docker build process.
How can this vulnerability impact me? :
The vulnerability can lead to remote code execution on the host machine during the Docker build process. Because the injected RUN directives execute with the privileges of the user running the build, an attacker can execute arbitrary commands, potentially compromising the host system's confidentiality, integrity, and availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade BentoML to version 1.4.39 or later, where the issue has been fixed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability enables remote code execution on the victim's build host, which can lead to unauthorized access, data exfiltration, and compromise of system integrity and availability.
Such impacts can affect compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data, maintaining confidentiality, integrity, and availability of systems, and preventing unauthorized access.
If exploited, this vulnerability could result in breaches of personal or protected health information, thereby violating these regulations and potentially leading to legal and financial consequences.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by inspecting the bentofile.yaml files used in your BentoML projects for suspicious or newline-injected values in the envs[*].name fields. Since the issue arises during the docker build process triggered by the bentoml containerize command, monitoring or logging the Docker build commands and outputs for unexpected RUN directives can also help detect exploitation attempts.
Suggested commands to help detect this vulnerability include:
- Manually inspect bentofile.yaml files for newline or shell metacharacters in envs[*].name fields, e.g., using grep:
- grep -P '\n|;|&&|\|' bentofile.yaml
- Check Docker build logs for unexpected RUN commands executed during bentoml containerize:
- docker build --no-cache --progress=plain .
- Monitor running containers or hosts for suspicious processes spawned during docker build.
Additionally, ensure your BentoML version is updated to 1.4.39 or later to mitigate this vulnerability.