2 matches found
Improper Neutralization of Special Elements Used in a Template Engine
Overview: pyspur is a Graph UI for building AI Agents in Python. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the SingleLLMCallNode function. An attacker can execute unauthorized template code and potential...
CVE-2025-6518
A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/singlellmcall.py of the component Jinja2 Template Handler. The manipulation of the argument usermessage leads to imprope...