CVE-2026-44345 | BentoML up to 1.4.38 base_v2.j2 docker.base_image os command injection

A vulnerability described as critical has been identified in BentoML up to 1.4.38. This affects an unknown function of the file src/bentoml/_internal/container/frontend/dockerfile/templates/base_v2.j2. The manipulation of the argument docker.base_image results in os command injection.

This vulnerability is reported as CVE-2026-44345. The attack can be launched remotely. No exploit exists.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More