23 matches found
CVE-2026-27961
Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when runni...
CVE-2026-27952
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...
Improper Neutralization of Special Elements Used in a Template Engine
Overview agenta is a The SDK for agenta is an open-source LLMOps platform. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine in the API server evaluator template rendering. An attacker can execute arbitrary code on the server...
CVE-2026-27961
Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when runni...
PYSEC-2026-7
Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when runni...
PYSEC-2026-7
Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when runni...
PYSEC-2026-6
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...
CVE-2026-27952
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...
CVE-2026-27961 Agenta's Server-Side Template Injection (SSTI) via custom evaluator Jinja2 templates allows RCE
Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when runni...
CVE-2026-27961 Agenta's Server-Side Template Injection (SSTI) via custom evaluator Jinja2 templates allows RCE
Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when runni...
CVE-2026-27961 Agenta's Server-Side Template Injection (SSTI) via custom evaluator Jinja2 templates allows RCE
Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when runni...
CVE-2026-27961
Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when runni...
CVE-2026-27961
Agenta (open-source LLMOps platform) has a Server-Side Template Injection (SSTI) vulnerability in API server evaluator templates for versions prior to 0.86.8. The vulnerable code runs server-side within the API process (SDK code executed server-side) and does not affect standalone SDK usage; impa...
EUVD-2026-8817
Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when runni...
CVE-2026-27952
Summary of CVE-2026-27952 (Agenta) : The vulnerability affects the Agenta-API (self-hosted API server) prior to version 0.48.1. A Python sandbox escape in the custom code evaluator used RestrictedPython, but the sandbox allowlist erroneously included the numpy package. This allowed authenticated ...
EUVD-2026-8814
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...
CVE-2026-27952
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...
CVE-2026-27952 Agenta has Python Sandbox Escape, Leading to Remote Code Execution (RCE)
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...
PT-2026-22105
Name of the Vulnerable Software and Affected Versions Agenta versions prior to 0.86.8 Description Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI issue exists in the API server evaluator template rendering for versions prior to 0.86.8. The vulnerable code is within...
Agenta 代码注入漏洞
Agenta is an open-source platform developed by Agenta for building production-grade large language model applications. Versions of Agenta prior to 0.48.1 contained a code injection vulnerability. This vulnerability stemmed from a sandbox error that allowed the numpy package, potentially leading t...