CVE-2026-29514

A flaw was found in NetBox. Authenticated users with exporttemplate or configtemplate permissions can exploit a vulnerability in the RenderTemplateMixin.getenvironmentparams method. By specifying malicious Python code in the environmentparams field, attackers can bypass security protections and...

CVE-2026-29514 NetBox 4.3.5 - 4.5.4 RCE via RenderTemplateMixin

NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.getenvironmentparams method that allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code by specifying malicious Python callables in the...

CVE-2026-29514 NetBox 4.3.5 - 4.5.4 RCE via RenderTemplateMixin

NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.getenvironmentparams method that allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code by specifying malicious Python callables in the...

NetBox 安全漏洞

NetBox is a tool developed by the NetBox community, based on Django and PostgreSQL, for IP address management IPAM and data center infrastructure management DCIM. There were security vulnerabilities in versions 4.3.5 to 4.5.4 of NetBox. These vulnerabilities stemmed from remote code execution in...

PT-2026-36830

Name of the Vulnerable Software and Affected Versions NetBox versions 4.3.5 through 4.5.4 Description An issue in the RenderTemplateMixin.get environment params method allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code. By specifying malicious...