CVE-2026-35044

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.8 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H                                    

Vulnerability Description

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the Dockerfile generation function generate_containerfile() in src/bentoml/_internal/container/generate.py uses an unsandboxed jinja2.Environment with the jinja2.ext.do extension to render user-provided dockerfile_template files. When a victim imports a malicious bento archive and runs bentoml containerize, attacker-controlled Jinja2 template code executes arbitrary Python directly on the host machine, bypassing all container isolation. This vulnerability is fixed in 1.4.38.

Vulnerability Details

Published Date

April 03, 2026

Last Modified

April 10, 2026

CWE ID

CWE-1336

Source

GitHub

Vendor

pip

Product

bentoml

External References

https://github.com/bentoml/BentoML/security/advisories/GHSA-v959-cwq9-7hr6
https://github.com/advisories/GHSA-v959-cwq9-7hr6

CVE-2026-35044

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment