Package impact
PIP / bentoml
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-44346 | high | 8.8 | 8.8 | 23h ago | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs[*].n… | |
| CVE-2026-44345 | high | 8.8 | 8.8 | 17d ago | BentoML Dockerfile command injection via docker.base_image (sister of pending GHSA-w2pm-x38x-jp44 / CVE-2026-33744 / CVE-2026-35043) | |
| CVE-2026-40610 | medium | 5.5 | 5.5 | 6d ago | BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context |