PYSEC-0000-CVE-2026-44346

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs.name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentom...

CVE-2026-44346

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs.name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentom...

BentoML 代码注入漏洞

BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Prior to BentoML 1.4.39, there was a code injection vulnerability. This vulnerability stemmed from the envs.name value...

CVE-2026-33744

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...

CVE-2026-33744

BentoML is affected by a Dockerfile command Injection via the docker.system_packages field in bentofile.yaml. The field’s values are interpolated directly into shell commands without sanitization, allowing a crafted package entry to execute arbitrary commands during bentoml containerize or docker...

EUVD-2026-16513

BentoML has Dockerfile Command Injection via systempackages in bentofile.yaml...

BentoML < 1.4.34 Path Traversal

The version of the BentoML library installed on the remote host is prior to 1.4.34. It is, therefore, affected by a path traversal vulnerability: - BentoML's bentofile.yaml configuration allows path traversal attacks through multiple file path fields description, docker.setupscript,...

CVE-2026-24123

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to version 1.4.34, BentoML's bentofile.yaml configuration allows path traversal attacks through multiple file path fields description, docker.setupscript, docker.dockerfiletemplate,...

CVE-2026-24123 BentoML has a Path Traversal via Bentofile Configuration

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to version 1.4.34, BentoML's bentofile.yaml configuration allows path traversal attacks through multiple file path fields description, docker.setupscript, docker.dockerfiletemplate,...

BentoML path traversal vulnerability

BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Versions of BentoML prior to 1.4.34 contained a path traversal vulnerability. This vulnerability stemmed from the bentofile.ya...

PT-2026-4828

Name of the Vulnerable Software and Affected Versions BentoML versions prior to 1.4.34 Description BentoML contains a path traversal flaw in the bentofile.yaml configuration. An attacker can craft a malicious bentofile.yaml that, when processed by BentoML, allows the exfiltration of arbitrary fil...