Lucene search
K

6 matches found

Vulnrichment
Vulnrichment
added 2026/04/08 7:20 p.m.2 views

CVE-2026-35477 InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-2026-27629 fix via {% if part.pk %} sandbox escape

InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PARTNAMEFORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed...

5.5CVSS6AI score0.00259EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 7:20 p.m.16 views

CVE-2026-35477 InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-2026-27629 fix via {% if part.pk %} sandbox escape

InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PARTNAMEFORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed...

5.5CVSS0.00259EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 7:20 p.m.9 views

CVE-2026-35477

CVE-2026-35477 affects InvenTree (1.2.3–1.2.6) where the PART_NAME_FORMAT validator used jinja2.sandbox.SandboxedEnvironment, but the actual renderer in part/helpers.py still used non-sandboxed jinja2.Environment. The validator also used a dummy Part with pk=None, creating a mismatch between vali...

9.9CVSS6.2AI score0.00259EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.5 views

PT-2026-31434

InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PART NAME FORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed...

8.8CVSS6.2AI score0.00259EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/26 4:15 a.m.6 views

CVE-2026-27629

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...

8.8CVSS6AI score0.00259EPSS
Exploits0References1
CVE
CVE
added 2026/02/25 2:48 a.m.13 views

CVE-2026-27629

InvenTree CVE-2026-27629 is a Server-Side Template Injection (SSTI) in PART_NAME_FORMAT prior to 1.2.3. A staff member with settings access could modify a jinja2 template used during batch code generation; after validation, this template could be used by other users to exfiltrate data or execute ...

8.8CVSS6AI score0.00259EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder