GHSA-F49J-V924-FX9W Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection resulting in Remote Code Execution

Summary The environment variables KERNELXXX used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection SSTI. By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise Gateway service. The code can...

banks has Critical Remote Code Execution (RCE) via Jinja2 SSTI

Summary banks = 2.4.1 uses jinja2.Environment unsandboxed to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt are vulnerable to Server-Side Template Injection SSTI, which can lead to Remote Code Execution RCE on the host system. This is a...

SGLang is vulnerable to remote code execution when rendering chat templates from a model file

Overview A remote code execution vulnerability has been discovered in the SGLang project, specifically in the reranking endpoint /v1/rerank. A CVE has been assigned to track the vulnerability; CVE-2026-5760. An attacker can create a malicious model for SGLang to achieve RCE. Successful exploitati...

Remote Code Execution (RCE)

Giskard is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe rendering of user-controlled input using Jinja2 Template without validation, which allows an attacker to execute arbitrary code through crafted rule definitions...

CVE-2026-40320

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template constructor, silently interpreting template expressions at runtime. If check definitions are loaded from an untrusted...

Giskard 安全漏洞

Giskard is an open-source evaluation and testing framework for artificial intelligence systems. Versions of Giskard prior to 1.0.2b1 contained security vulnerabilities. These vulnerabilities stemmed from the ConformityCheck class using the Jinja2 template engine to render rule parameters, which...

GHSA-7XJM-G8F4-RP26 Giskard has Unsandboxed Jinja2 Template Rendering in ConformityCheck

Summary The ConformityCheck class in giskard-checks rendered the rule parameter through Jinja2's default Template constructor. Because the rule string is silently interpreted as a Jinja2 template, a developer may not realize that template expressions embedded in rule definitions are evaluated at...

CVE-2026-35044

Summary (CVE-2026-35044) BentoML prior to 1.4.38 is vulnerable to server-side template injection via an unsandboxed Jinja2 environment used to render Dockerfile templates during containerization. attacker-controlled templates can execute arbitrary Python on the host during template rendering (not...

CVE-2026-28797

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions 0.24.0 and prior, a Server-Side Template Injection SSTI vulnerability exists in RAGFlow's Agent workflow Text Processing StringTransform and Message components. These components use Python's jinja2.Template unsandbox...

CVE-2026-34172

Giskard is an open-source Python library for testing and evaluating agentic systems. Prior to versions 0.3.4 and 1.0.2b1, ChatWorkflow.chatmessage passes its string argument directly as a Jinja2 template source to a non-sandboxed Environment. A developer who passes user input to this method enabl...

CVE-2026-34172

Giskard is an open-source Python library for testing and evaluating agentic systems. Prior to versions 0.3.4 and 1.0.2b1, ChatWorkflow.chatmessage passes its string argument directly as a Jinja2 template source to a non-sandboxed Environment. A developer who passes user input to this method enabl...

Giskard Agents have Server-side template injection via ChatWorkflow.chat() using non-sandboxed Jinja2 Environment

Summary ChatWorkflow.chatmessage passes its string argument directly as a Jinja2 template source to a non-sandboxed Environment. A developer who passes user input to this method enables full remote code execution via Jinja2 class traversal. The method name chat and parameter name message naturall...

CVE-2026-3962

A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the function rendertemplate of the file Machine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.py of the component Jinja2 Template...

CVE-2026-3962

A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the function rendertemplate of the file Machine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.py of the component Jinja2 Template...

CVE-2026-3962 Jcharis Machine-Learning-Web-Apps Jinja2 Template app.py render_template cross site scripting

A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the function rendertemplate of the file Machine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.py of the component Jinja2 Template...

CVE-2026-3962 Jcharis Machine-Learning-Web-Apps Jinja2 Template app.py render_template cross site scripting

A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the function rendertemplate of the file Machine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.py of the component Jinja2 Template...

CVE-2026-3962

A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the function rendertemplate of the file Machine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.py of the component Jinja2 Template...

Machine-Learning-Web-Apps 代码注入漏洞

Machine-Learning-Web-Apps is a machine learning web application development framework developed by JCharis Jesse. There is a code injection vulnerability in Machine-Learning-Web-Apps, which stems from an incorrect operation on the rendertemplate function in the Jinja2 Template Handler component o...

PT-2026-24891

A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the function render template of the file Machine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.py of the component Jinja2 Template...

CVE-2026-27629

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...