27 matches found

Tenable Nessus
added 2026/05/08 12:0 a.m., 4 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Dynaconf vulnerability (USN-8231-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8231-1 advisory. It was discovered that Dynaconf was incorrectly handling template evaluation in its string resolvers. A remote attacker could...

CVSS 8.1, AI score 6.1, EPSS 0.00024
Exploits: 1, References: 2

OSV
added 2026/05/06 9:6 a.m., 1 view

USN-8231-1 python-dynaconf vulnerability

It was discovered that Dynaconf was incorrectly handling template evaluation in its string resolvers. A remote attacker could possibly use this issue to execute arbitrary code...

CVSS 8.1, AI score 6.1, EPSS 0.00024
Exploits: 1, References: 2

Ubuntu
added 2026/05/06 9:6 a.m., 5 views

USN-8231-1: Dynaconf vulnerability

It was discovered that Dynaconf was incorrectly handling template evaluation in its string resolvers. A remote attacker could possibly use this issue to execute arbitrary code...

CVSS 8.1, AI score 6.1, EPSS 0.00024
Exploits: 1

Positive Technologies
added 2026/05/06 12:0 a.m., 7 views

PT-2026-38540

It was discovered that Dynaconf was incorrectly handling template evaluation in its string resolvers. A remote attacker could possibly use this issue to execute arbitrary code...

CVSS 8.1, AI score 6.1, EPSS 0.00024
Exploits: 1, References: 3

Tenable Nessus
added 2026/03/29 12:0 a.m., 2 views

openSUSE 16 Security Update : python-dynaconf (openSUSE-SU-2026:20429-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2026:20429-1 advisory. Changes in python-dynaconf: - CVE-2026-33154: Server-Side Template Injection in the @Jinja resolver bsc1260063. Tenable has extracted the preceding...

CVSS 8.1, AI score 5.9, EPSS 0.00024
Exploits: 1, References: 3

OPENSUSE Linux
added 2026/03/28 12:0 a.m., 2 views

Security update for python-dynaconf (important)

openSUSE security update: security update for python-dynaconf. Announcement ID: openSUSE-SU-2026:20429-1; Rating: important; References: bsc1260063; Cross-References: CVE-2026-33154; Affected Products: openSUSE Leap 16.0...

CVSS 8.1, AI score 5.9, EPSS 0.00024
Exploits: 1, References: 1

OSV
added 2026/03/25 2:59 p.m., 0 views

OPENSUSE-SU-2026:20429-1 Security update for python-dynaconf

This update for python-dynaconf fixes the following issues: Changes in python-dynaconf: - CVE-2026-33154: Server-Side Template Injection in the @Jinja resolver bsc1260063...

CVSS 8.1, AI score 5.9, EPSS 0.00024
Exploits: 1, References: 2

OPENSUSE Linux
added 2026/03/25 12:0 a.m., 3 views

python311-dynaconf-3.2.13-1.1 on GA media (moderate)

python311-dynaconf-3.2.13-1.1 on GA media. Announcement ID: openSUSE-SU-2026:10411-1; Rating: moderate; Cross-References: CVE-2026-33154; Affected Products: openSUSE Tumbleweed. An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

CVSS 8.1, AI score 5.8, EPSS 0.00024
Exploits: 1

SUSE CVE
added 2026/03/24 12:24 a.m., 2 views

SUSE CVE-2026-33154

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

CVSS 8.1, AI score 5.8, EPSS 0.00024
Exploits: 1, References: 3

RedhatCVE
added 2026/03/23 10:53 a.m., 2 views

CVE-2026-33154

A flaw was found in dynaconf, a Python configuration management tool. This Server-Side Template Injection (SSTI) vulnerability occurs due to unsafe template evaluation in the @Jinja resolver when the jinja2 package is installed. A remote attacker could exploit this by embedding malicious template...

CVSS 7.5, AI score 6.4, EPSS 0.00024
Exploits: 1, References: 6

OSV
added 2026/03/23 12:0 a.m., 0 views

OPENSUSE-SU-2026:10411-1 python311-dynaconf-3.2.13-1.1 on GA media

These are all security issues fixed in the python311-dynaconf-3.2.13-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 8.1, AI score 5.8, EPSS 0.00024
Exploits: 1, References: 1

Tenable Nessus
added 2026/03/21 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-33154

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe...

CVSS 8.1, AI score 5.8, EPSS 0.00024
Exploits: 1, References: 3

Snyk
added 2026/03/20 10:39 p.m., 0 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview: dynaconf is the dynamic configurator for your Python project. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine due to unsafe template evaluation in the @Jinja resolver. An attacker can execute arbitrary code by...

CVSS 8.1, AI score 6.2, EPSS 0.00024
Exploits: 1, References: 2

vulnersOsv
added 2026/03/20 10:39 p.m., 2 views

ai-ebash (>=0.2.17 <=0.2.25), ansible-doctor (>=7.0.4 <=8.2.2) +54 more potentially affected by CVE-2026-33154 via dynaconf (>=3.0.0rc2 <=3.2.12)

dynaconf PYPI version =3.0.0rc2, =0.2.17, =7.0.4, =0.7.0, =4.1.0, =0.1.3, =0.1.1, =0.1.83, =0.1.54, =0.3.0, =0.0.2, =4.2.0, =6.1.0, =7.1.1 and more Source cves: CVE-2026-33154 Source advisory: SNYK:PYTHON-DYNACONF-15758256...

CVSS 8.1, AI score 5.8, EPSS 0.00024
Exploits: 1

OSV
added 2026/03/20 9:17 p.m., 0 views

DEBIAN-CVE-2026-33154

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

CVSS 8.1, AI score 5.3, EPSS 0.00024
Exploits: 1, References: 1

NVD
added 2026/03/20 9:17 p.m., 0 views

CVE-2026-33154

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

CVSS 8.1, EPSS 0.00024
Exploits: 1, References: 3

OSV
added 2026/03/20 9:17 p.m., 0 views

UBUNTU-CVE-2026-33154

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

CVSS 8.1, AI score 5.8, EPSS 0.00024
Exploits: 1, References: 6

UbuntuCve
added 2026/03/20 9:17 p.m., 0 views

CVE-2026-33154

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

CVSS 8.1, AI score 5.9, EPSS 0.00024
Exploits: 1, References: 5

Cvelist
added 2026/03/20 8:22 p.m., 19 views

CVE-2026-33154 dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

CVSS 7.5, EPSS 0.00024
Exploits: 1, References: 3

CVE
added 2026/03/20 8:22 p.m., 29 views

CVE-2026-33154

CVE-2026-33154 – Dynaconf SSTI (Jinja) vulnerability: Dynaconf for Python is vulnerable before version 3.2.13 due to unsafe template evaluation in the @Jinja resolver when the jinja2 package is present. This can allow Server-Side Template Injection in configuration values. The issue is fixed in ...

CVSS 8.1, AI score 5.7, EPSS 0.00024
Exploits: 1, References: 3, Affected Software: 1