10 matches found
CVE-2026-27952
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...
PYSEC-2026-7
Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when runni...
CVE-2026-27961
Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when runni...
PYSEC-2026-6
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...
CVE-2026-27952
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...
CVE-2026-27961 Agenta's Server-Side Template Injection (SSTI) via custom evaluator Jinja2 templates allows RCE
Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when runni...
CVE-2026-27952
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...
CVE-2026-27952
Agenta’s API server prior to v0.48.1 used RestrictedPython to sandbox user-supplied evaluator code, but incorrectly whitelisted numpy. An authenticated user could escape the sandbox via numpy.ma.core.inspect (exposing sys.modules) and achieve arbitrary code execution on the API server. The issue ...
CVE-2026-27952 Agenta has Python Sandbox Escape, Leading to Remote Code Execution (RCE)
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...
Agenta 安全漏洞
Agenta is an open-source platform developed by Agenta for building production-grade large language model applications. Versions of Agenta prior to 0.86.8 contained a security vulnerability. This vulnerability stemmed from server-side template injection in the API server’s template rendering...