PT-2026-44826

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator rag/prompts/generator.py allows any authenticated user to execute arbitrary OS commands on the server. Any normal user can register, create a Canvas...

Astra Linux - уязвимость в jinja2

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter can be abused t...

CVE-2026-40320

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template constructor, silently interpreting template expressions at runtime. If check definitions are loaded from an untrusted...

EUVD-2026-23860

SGLang's reranking endpoint /v1/rerank achieves Remote Code Execution RCE when a model file containing a malcious tokenizer.chattemplate is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment...

sglang 安全漏洞

SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. SGLang has a security vulnerability. This vulnerability arises from loading model files that contain malicious tokenizer/chattemplate components. As a result, the Jinja2 chat...

CVE-2026-40320

Giskard (giskard-checks) CVE-2026-40320 involves unsandboxed Jinja2 template rendering in the ConformityCheck rule processing. In versions prior to 1.0.2b1, ConformityCheck rendered the rule parameter using Jinja2’s default Template(), enabling runtime interpretation of template expressions. If c...

Giskard has Unsandboxed Jinja2 Template Rendering in ConformityCheck

Summary The ConformityCheck class in giskard-checks rendered the rule parameter through Jinja2's default Template constructor. Because the rule string is silently interpreted as a Jinja2 template, a developer may not realize that template expressions embedded in rule definitions are evaluated at...

PT-2026-32984

Name of the Vulnerable Software and Affected Versions giskard-checks versions prior to 1.0.2b1 Description The ConformityCheck class rendered the rule parameter through Jinja2's default Template constructor, which silently interpreted template expressions at runtime. If check definitions are load...

CVE-2026-35044 BentoML has a Server-Side Template Injection via unsandboxed Jinja2 Environment in Dockerfile generation

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the Dockerfile generation function generatecontainerfile in src/bentoml/internal/container/generate.py uses an unsandboxed jinja2.Environment with the jinja2.ext.do extensio...

GHSA-FRV4-X25R-588M Giskard Agents have Server-side template injection via ChatWorkflow.chat() using non-sandboxed Jinja2 Environment

Summary ChatWorkflow.chatmessage passes its string argument directly as a Jinja2 template source to a non-sandboxed Environment. A developer who passes user input to this method enables full remote code execution via Jinja2 class traversal. The method name chat and parameter name message naturall...

Improper Neutralization of Special Elements Used in a Template Engine

Overview giskard-agents is an A lightweight library that orchestrates LLM completions and agents in parallel workflows Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the ChatWorkflow.chat function. An attacker can...

PT-2026-28603

Summary ChatWorkflow.chatmessage passes its string argument directly as a Jinja2 template source to a non-sandboxed Environment. A developer who passes user input to this method enables full remote code execution via Jinja2 class traversal. The method name chat and parameter name message naturall...

PT-2026-26201

Name of the Vulnerable Software and Affected Versions dynaconf versions prior to 3.2.13 Description dynaconf is susceptible to Server-Side Template Injection SSTI due to insecure template evaluation within the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template...

MAL-2026-1352 Malicious code in jinja-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e79b3bda068fff4a0d32858209d995e311925bda047742e96a1c4bd5424083a The package jinja-template was found to contain malicious code. Source: ghsa-malware 777241a05ff1b9cafa5358e6127f852378179af0ed1c2c6c1ccea769cd94b398...

Malicious Package

Overview jinja-template is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in jinja-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e79b3bda068fff4a0d32858209d995e311925bda047742e96a1c4bd5424083a The package jinja-template was found to contain malicious code. Source: ghsa-malware 777241a05ff1b9cafa5358e6127f852378179af0ed1c2c6c1ccea769cd94b398...

EUVD-2026-11484

A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the function rendertemplate of the file Machine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.py of the component Jinja2 Template...

CVE-2026-3962

The CVE-2026-3962 entry affects Jcharis Machine-Learning-Web-Apps (up to a6996b634d98ccec4701ac8934016e8175b60eb5) where the render_template function in Machine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.py under the Jinja2 Template Handler is vulnerable to cross-site...

📄 Jinja 2 1.4.0 Tactical RMM SSTI Detection

This proof of concept script detects potential server-side template injection vulnerabilities in web applications using template engines such as Jinja. The script sends a dynamically generated mathematical expression within a template payload to a target URL parameter. If the server evaluates the...

Improper Neutralization of Special Elements Used in a Template Engine

Overview datapizza-ai-core is a Core components for the datapizza-ai framework Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the ChatPromptTemplate function that utilises Jinja2 Template. An attacker can execute...