CVE-2026-44346

Name of the Vulnerable Software and Affected Versions BentoML versions prior to 1.4.39

Description BentoML is a Python library used for building online serving systems optimized for AI applications and model inference. A flaw exists where a malicious bentofile.yaml file containing a newline-injected value in the envs[*].name variable can produce unquoted RUN directives in the generated Dockerfile. When the bentoml containerize command is executed on the imported bento, these RUN directives are executed on the host system during the docker build process.

Recommendations Update to version 1.4.39.