22 matches found
CVE-2026-27961
Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when runni...
CVE-2026-27952
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...
Improper Neutralization of Special Elements Used in a Template Engine
Overview agenta is a The SDK for agenta is an open-source LLMOps platform. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine in the API server evaluator template rendering. An attacker can execute arbitrary code on the server...
PYSEC-2026-7
Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when runni...
CVE-2026-27961
Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when runni...
PYSEC-2026-7
Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when runni...
PYSEC-2026-6
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...
CVE-2026-27952
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...
EUVD-2026-8817
Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when runni...
CVE-2026-27961
Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when runni...
CVE-2026-27961 Agenta's Server-Side Template Injection (SSTI) via custom evaluator Jinja2 templates allows RCE
Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when runni...
CVE-2026-27961
Agenta (open-source LLMOps platform) has a Server-Side Template Injection (SSTI) vulnerability in API server evaluator templates for versions prior to 0.86.8. The vulnerable code runs server-side within the API process (SDK code executed server-side) and does not affect standalone SDK usage; impa...
CVE-2026-27961 Agenta's Server-Side Template Injection (SSTI) via custom evaluator Jinja2 templates allows RCE
Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when runni...
CVE-2026-27961 Agenta's Server-Side Template Injection (SSTI) via custom evaluator Jinja2 templates allows RCE
Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when runni...
CVE-2026-27952
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...
EUVD-2026-8814
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...
CVE-2026-27952
Agenta’s API server prior to v0.48.1 used RestrictedPython to sandbox user-supplied evaluator code, but incorrectly whitelisted numpy. An authenticated user could escape the sandbox via numpy.ma.core.inspect (exposing sys.modules) and achieve arbitrary code execution on the API server. The issue ...
CVE-2026-27952 Agenta has Python Sandbox Escape, Leading to Remote Code Execution (RCE)
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...
Agenta 安全漏洞
Agenta is an open-source platform developed by Agenta for building production-grade large language model applications. Versions of Agenta prior to 0.86.8 contained a security vulnerability. This vulnerability stemmed from server-side template injection in the API server’s template rendering...
PT-2026-22105
Name of the Vulnerable Software and Affected Versions Agenta versions prior to 0.86.8 Description Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI issue exists in the API server evaluator template rendering for versions prior to 0.86.8. The vulnerable code is within...