CVE-2026-27629
InvenTree CVE-2026-27629 is a Server-Side Template Injection (SSTI) in PART_NAME_FORMAT prior to 1.2.3. A staff member with settings access could modify a jinja2 template used during batch code generation; after validation, this template could be used by other users to exfiltrate data or execute ...