PT-2026-30281 · Bentoml · Bentoml

Kodareef5 · Published 2026-04-03 · Updated 2026-04-06 · CVE-2026-35043

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

BentoML versions prior to 1.4.38

Description

BentoML contains a remote code execution (RCE) issue in the cloud deployment path within src/bentoml/_internal/cloud/deployment.py. Specifically, line 1648 interpolates system packages directly into a shell command using an f-string without proper quoting. This allows for command injection when the generated script, setup.sh, is uploaded to BentoCloud and executed during deployment. The vulnerability arises because the fix implemented in commit ce53491, which added shlex.quote to other areas of the code, was not applied to this specific path. The system packages values from bentofile.yaml are joined with spaces and directly interpolated into the apt-get install command, enabling an attacker to inject arbitrary commands. A proof of concept demonstrates that a malicious bentofile.yaml can be crafted to exfiltrate the hostname of the build infrastructure. This could lead to supply chain attacks, insider threats, or broader CI/CD compromise.

Recommendations

Update to BentoML version 1.4.38 or later.
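
The quoting gap described above, shown as an added example that is not BentoML's own code: the same apt-get install line is rendered with and without shlex.quote, and a small scanner reports which shell metacharacters stay live in each. The function names, the `-y` flag, the allowlist check and the sample values are assumptions made for illustration.

```python
import re
import shlex

# Debian policy: lowercase alphanumerics plus "+", "-", ".", at least two
# characters, starting with an alphanumeric. Assumption: plain names only,
# so "pkg=1.2" style version pins are rejected by this allowlist.
DEB_NAME = re.compile(r"[a-z0-9][a-z0-9+.-]+")
META = set(";|&<>()$`\n")

def render_unquoted(packages):
    """Pattern the advisory describes: values joined with spaces in an f-string."""
    return f"apt-get install -y {' '.join(packages)}"

def render_quoted(packages):
    """Same line with each value passed through shlex.quote."""
    return f"apt-get install -y {' '.join(shlex.quote(p) for p in packages)}"

def unquoted_metachars(command):
    """Metacharacters a POSIX shell would still interpret in `command`.
    Backslash escapes are not modelled; shlex.quote never emits them."""
    found, quote = [], None
    for ch in command:
        if quote == "'":                 # single quotes: everything is literal
            quote = None if ch == "'" else quote
        elif ch == '"':
            quote = None if quote else '"'
        elif quote == '"':               # double quotes: $ and ` still expand
            if ch in "$`":
                found.append(ch)
        elif ch == "'":
            quote = "'"
        elif ch in META:
            found.append(ch)
    return found

def invalid_packages(packages):
    """Values that are not syntactically valid Debian package names."""
    return [p for p in packages if not DEB_NAME.fullmatch(p)]

# Constructed sample standing in for the system packages list of a bentofile.yaml.
SAMPLE = ["curl", "git; echo INJECTED"]

if __name__ == "__main__":
    for render in (render_unquoted, render_quoted):
        line = render(SAMPLE)
        print(f"{render.__name__}: {line!r} -> live metachars {unquoted_metachars(line)}")
    print("rejected before rendering:", invalid_packages(SAMPLE))
```

Running `invalid_packages` over bentofile.yaml values in review or CI flags suspicious entries before any script is generated, independent of whether the installed BentoML version quotes them.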

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2026-35043
GHSA-FGV4-6JR3-JGFW
PYSEC-2026-158

Affected Products

Bentoml