4 matches found
CVE-2026-44346
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs.name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentom...
ai-dynamo (=0.1.0), bentoctl (=0.2.3) +6 more potentially affected by CVE-2026-44346 via bentoml (>=1.0.0a7 <=1.4.3)
bentoml PYPI version =1.0.0a7, =1.0.1, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.6.20 - raptor-labsdk =0.3.2 Source cves: CVE-2026-44346 Source advisory: SNYK:PYTHON-BENTOML-16642315...
ai-dynamo (=0.1.0), bento2seldon (>=0.1.0 <=0.4.0) +16 more potentially affected by CVE-2026-44346 via bentoml (>=0.10.1 <=1.4.3)
bentoml PYPI version =0.10.1, =0.1.0, =0.1.0, =0.0.10, =0.0.5, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.0.1, =0.0.1, =0.0.13 and more Source cves: CVE-2026-44346 Source advisory: OSV:GHSA-W2PM-X38X-JP44...
CVE-2026-44346
creationtimestamp | type | source
---|---|---
2026-05-07 10:39:30+00:00 | published-proof-of-concept | https://github.com/bentoml/BentoML/security/advisories/GHSA-w2pm-x38x-jp44...