| CVE | Severity | CVSS | Risk | Published | Description | Impact |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-44346 | high | 8.8 | 8.8 | 14h ago | Dockerfile command injection via envs[*].name in bentofile.yaml (sibling fix-bypass of CVE-2026-33744 and CVE-2026-35043) | |
| CVE-2026-44345 | high | 8.8 | 8.8 | 17d ago | BentoML Dockerfile command injection via docker.base_image (sister of pending GHSA-w2pm-x38x-jp44 / CVE-2026-33744 / CVE-2026-35043) | |
| CVE-2026-40610 | medium | 5.5 | 5.5 | 5d ago | BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context | |