GHSA-fgv4-6jr3-jgfw: BentoML: Command Injection in cloud deployment setup script
highvulnerability
security
Summary
BentoML has a command injection vulnerability in its cloud deployment setup script where user-supplied system packages are inserted directly into shell commands without proper escaping. An attacker can craft a malicious bentofile.yaml file that executes arbitrary commands on BentoCloud's build infrastructure (the servers that prepare applications for deployment) when the application is deployed, potentially stealing secrets or compromising the infrastructure.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Patch Available
Yes
Disclosure Date
April 3, 2026
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
integrityconfidentiality
Taxonomy References
MITRE ATLAS (AI/ML Threat Technique)
Affected Vendors
HuggingFace
Affected Packages
bentoml@<= 1.4.37 (fixed: 1.4.38)
Related Issues
Monthly digest — independent AI security research
Original source: https://github.com/advisories/GHSA-fgv4-6jr3-jgfw
First tracked: April 3, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%