docker
Fixed in
1.4.39
1.4.38
1.4.39
CVE-2026-35044 is a remote code execution (RCE) vulnerability affecting BentoML, a Python library for building online serving systems for AI applications. An attacker can exploit this vulnerability by importing a malicious Bento archive and triggering the containerization process, leading to arbitrary Python code execution on the host machine, effectively bypassing container isolation. This vulnerability impacts versions of BentoML up to and including 1.4.38, and a fix is available in version 1.4.38.
The primary impact of CVE-2026-35044 is the potential for complete host compromise. An attacker who can successfully import a malicious Bento archive can execute arbitrary Python code with the privileges of the user running the bentoml containerize command. This could lead to data exfiltration, system takeover, or further attacks against other systems on the network. The vulnerability's ability to bypass container isolation significantly elevates the risk, as it circumvents a key security mechanism designed to isolate applications. This is similar to vulnerabilities that exploit Jinja2 templating engines where untrusted input is rendered without proper sanitization.
CVE-2026-35044 was publicly disclosed on 2026-04-06. The EPSS score is currently pending evaluation, but the RCE nature of the vulnerability suggests a potentially high probability of exploitation. Public proof-of-concept code is likely to emerge given the vulnerability's severity and the ease of exploitation. Monitor security advisories and threat intelligence feeds for updates.
Organizations deploying AI applications using BentoML are at risk, particularly those that allow users to import Bento archives from untrusted sources. Shared hosting environments where multiple users can import Bento archives pose a heightened risk, as a malicious archive could potentially compromise the entire host. Users relying on older BentoML versions or those with limited security controls around Bento archive imports are also particularly vulnerable.
• python: Monitor Python processes for unexpected behavior, particularly those related to BentoML containerization. Use tools like ps or top to identify suspicious processes.
ps aux | grep bentoml
• linux / server: Examine system logs (e.g., /var/log/syslog, /var/log/auth.log) for errors or warnings related to BentoML or Jinja2.
journalctl -u bentoml | grep error
• python: Check for unusual files or directories created during the BentoML containerization process. Look for files with suspicious names or extensions.
• generic web: If BentoML is exposed via a web service, monitor access logs for requests that trigger the containerization process. Look for patterns indicative of malicious input.
disclosure
Exploit status
EPSS
0.04% (13th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-35044 is to upgrade BentoML to version 1.4.38 or later. If upgrading is not immediately feasible, consider restricting the sources from which Bento archives are imported to trusted locations only. Thoroughly review any Bento archives before importing them, paying close attention to any unusual or unexpected code. While a WAF or proxy cannot directly prevent this vulnerability, they can be configured to monitor for suspicious activity related to BentoML containerization processes. There are no specific Sigma or YARA rules available at this time, but monitoring Python process execution for unexpected behavior is recommended.
Upgrade to version 1.4.38 or later to mitigate the vulnerability. This version fixes the issue by removing the use of an unprotected Jinja2 environment in Dockerfile generation.
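One way to do the pre-import review described above, as an added example (not BentoML's own code or tooling): it scans a tar archive without extracting it and flags Jinja2 blocks that reach into Python internals. It assumes the archive is tar-readable; the member paths and template contents in the sample are constructed, and the pattern list is a heuristic that does not replace upgrading.

```python
import io
import re
import tarfile

# Jinja2 expression / statement blocks: {{ ... }} and {% ... %}
JINJA_BLOCK = re.compile(r"\{\{.*?\}\}|\{%.*?%\}", re.S)
# Constructs a Dockerfile template has no ordinary reason to contain (heuristic list)
SUSPICIOUS = {
    "dunder attribute": re.compile(r"__\w+__"),
    "attr() filter": re.compile(r"\|\s*attr\s*\("),
    "do statement": re.compile(r"\{%-?\s*do\b"),
}

def scan_archive(fileobj, max_bytes=1_000_000):
    """Return (member, reason, snippet) findings for a tar archive, without extracting it."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            # Only regular files are read; links, devices and oversized members are skipped.
            if not member.isfile() or member.size > max_bytes:
                continue
            text = tar.extractfile(member).read().decode("utf-8", errors="replace")
            for block in JINJA_BLOCK.findall(text):
                for reason, pattern in SUSPICIOUS.items():
                    if pattern.search(block):
                        findings.append((member.name, reason, block.strip()))
    return findings

def build_sample_archive():
    """Constructed sample: one template touching Python internals, one ordinary file."""
    files = {
        # Hypothetical member paths, chosen for illustration only.
        "sample/env/docker/Dockerfile.template": "FROM {{ base_image }}\nRUN echo {{ ''.__class__ }}\n",
        "sample/README.md": "Plain {{ name }} placeholder, nothing unusual.\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, body in files.items():
            data = body.encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name, reason, snippet in scan_archive(build_sample_archive()):
        print(f"{name}: {reason}: {snippet}")
```

Any finding is a reason to hold the archive for manual review before running bentoml containerize on it; an empty result is not proof that the archive is safe.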
CVE-2026-35044 is a remote code execution vulnerability in BentoML versions up to 1.4.38. It allows attackers to execute arbitrary Python code on the host machine by importing malicious Bento archives.
You are affected if you are using BentoML versions 1.4.38 or earlier. Upgrade to 1.4.38 to resolve the vulnerability.
Upgrade BentoML to version 1.4.38 or later. Restrict the sources of Bento archives you import to trusted locations.
While active exploitation is not yet confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of exploitation in the near future.
Refer to the official BentoML security advisory for detailed information and updates: [https://github.com/bentoml/bentoml/security/advisories/GHSA-5g93-449x-647f]