top of page
perceptive_background_267k.jpg

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the Dockerfile generation function g…

Published:

5 April 2026 at 22:00:00

Alert date:

6 April 2026 at 19:03:35

Source:

nvd.nist.gov

Click to open the original link from this advisory

Supply Chain & Dependencies, Web Technologies, Emerging Technologies

BentoML Python library contains a critical vulnerability prior to version 1.4.38 where the Dockerfile generation function uses an unsandboxed jinja2.Environment. Attackers can exploit this by importing malicious bento archives that contain Jinja2 template code. When victims run 'bentoml containerize', the malicious template executes arbitrary Python code on the host machine. This vulnerability bypasses container isolation and allows complete host compromise. The issue affects AI applications using BentoML for model serving and has been fixed in version 1.4.38.

Technical details

Mitigation steps:

Affected products:

BentoML

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-35044
https://github.com/bentoml/BentoML/security/advisories/GHSA-v959-cwq9-7hr6

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page