6 matches found
CVE-2026-35477 InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-2026-27629 fix via {% if part.pk %} sandbox escape
InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PARTNAMEFORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed...
CVE-2026-35477 InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-2026-27629 fix via {% if part.pk %} sandbox escape
InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PARTNAMEFORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed...
CVE-2026-35477
CVE-2026-35477 affects InvenTree (1.2.3–1.2.6) where the PART_NAME_FORMAT validator used jinja2.sandbox.SandboxedEnvironment, but the actual renderer in part/helpers.py still used non-sandboxed jinja2.Environment. The validator also used a dummy Part with pk=None, creating a mismatch between vali...
PT-2026-31434
InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PART NAME FORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed...
CVE-2026-27629
InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...
CVE-2026-27629
InvenTree CVE-2026-27629 is a Server-Side Template Injection (SSTI) in PART_NAME_FORMAT prior to 1.2.3. A staff member with settings access could modify a jinja2 template used during batch code generation; after validation, this template could be used by other users to exfiltrate data or execute ...