4 matches found
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Dynaconf vulnerability (USN-8231-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8231-1 advisory. It was discovered that Dynaconf was incorrectly handling template evaluation in its string resolvers. A remote attacker could...
ai-ebash (>=0.2.17 <=0.2.25), ansible-doctor (>=7.0.4 <=8.2.2) +54 more potentially affected by CVE-2026-33154 via dynaconf (>=3.0.0rc2 <=3.2.12)
dynaconf PYPI version =3.0.0rc2, =0.2.17, =7.0.4, =0.7.0, =4.1.0, =0.1.3, =0.1.1, =0.1.83, =0.1.54, =0.3.0, =0.0.2, =4.2.0, =6.1.0, =7.1.1 and more Source cves: CVE-2026-33154 Source advisory: SNYK:PYTHON-DYNACONF-15758256...
CVE-2026-33154 dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver
dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...
dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver
Summary: Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in configuration values without a sandboxed environment. If an attacker can...