1286 matches found
Tandoor Recipes < 1.5.24 - Jinja2 SSTI RCE
Tandoor Recipes 1.5.24 has a Jinja2 SSTI vulnerability that allows command execution via recipe steps. id: CVE-2025-23211 info: name: Tandoor Recipes 1.5.24 - Jinja2 SSTI RCE author: sammiee5311 severity: critical description: | Tandoor Recipes 1.5.24 has a Jinja2 SSTI vulnerability that allows...
Jinja2 < 3.1.6 Sandbox Bypass (CVE-2025-27516)
The version of Jinja2 installed on the remote host is prior to 3.1.6. It is, therefore, affected by a sandbox bypass vulnerability: - An oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary...
PYSEC-2026-1471 Jinja2 vulnerable to sandbox breakout through attr filter selecting format method
An oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends o...
PYSEC-2026-1447 Insecure Jinja2 templates rendered in Haystack Components can lead to RCE
Impact Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja2 templates, if anyone can create and render that template on the client machine they run any code. Patches The problem has been fix...
dynaconf: jinja2: Dynaconf: Arbitrary code execution via Server-Side Template Injection
A flaw was found in dynaconf, a Python configuration management tool. This Server-Side Template Injection SSTI vulnerability occurs due to unsafe template evaluation in the @Jinja resolver when the jinja2 package is installed. A remote attacker could exploit this by embedding malicious template...
CVE-2026-33235
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block is vulnerable to a Denial of Service DoS attack. While the backend implements a SandboxedEnvironment to prevent...
CVE-2026-33235
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block is vulnerable to a Denial of Service DoS attack. While the backend implements a SandboxedEnvironment to prevent...
PT-2026-52089
Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.52 Description The Fill Text Template block is susceptible to a Denial of Service DoS attack. Although the backend utilizes a SandboxedEnvironment to block unauthorized attribute access, such as class , it does no...
BIT-AIRFLOW-2026-42252 Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern
Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbashcommand="echo value: dagrun.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...
Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection resulting in Remote Code Execution
Summary The environment variables KERNELXXX used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection SSTI. By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise Gateway service. The code can...
GHSA-F49J-V924-FX9W Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection resulting in Remote Code Execution
Summary The environment variables KERNELXXX used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection SSTI. By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise Gateway service. The code can...
ROOT-APP-PYPI-CVE-2024-56201 CVE-2024-56201 in rootio-Jinja2 - Patched by Root
Root has patched CVE-2024-56201 in the rootio-Jinja2 package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2024-56326 CVE-2024-56326 in rootio-Jinja2 - Patched by Root
Root has patched CVE-2024-56326 in the rootio-Jinja2 package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2025-27516 CVE-2025-27516 in rootio-Jinja2 - Patched by Root
Root has patched CVE-2025-27516 in the rootio-Jinja2 package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2024-34064 CVE-2024-34064 in rootio-Jinja2 - Patched by Root
Root has patched CVE-2024-34064 in the rootio-Jinja2 package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2024-22195 CVE-2024-22195 in rootio-Jinja2 - Patched by Root
Root has patched CVE-2024-22195 in the rootio-Jinja2 package for Root:PyPI. Multiple fixed versions available...
CVE-2026-45312
RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator rag/prompts/generator.py allows any authenticated user to execute arbitrary OS commands on the server. Any normal user can register, create a Canvas...
CVE-2026-42252 Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern
Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbashcommand="echo value: dagrun.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...
CVE-2026-42252 Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern
Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbashcommand="echo value: dagrun.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...
CVE-2026-42252 Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern
Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbashcommand="echo value: dagrun.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...