Common Weakness Enumeration
CWE-1336
AllowedImproper Neutralization of Special Elements Used in a Template Engine
Abstraction: Base · Status: Incomplete
The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.
312 vulnerabilities reference this CWE, most recent first.
CVE-2026-55794 (GCVE-0-2026-55794)
Vulnerability from cvelistv5 – Published: 2026-07-01 23:26 – Updated: 2026-07-02 12:41
VLAI
EPSS
VEX
Title
Craft CMS: Potential authenticated Remote Code Execution via referrer redirect
Summary
Craft CMS is a content management system (CMS). In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries can execute unsandboxed Twig code via the HTTP Referrer header, potentially leading to authenticated RCE. The issue happens when a user is saving entries. Strings for a signed redirect URL are being compiled as a Twig template via renderObjectTemplate(), and while a sandboxed alternative already exists (renderSandboxedObjectTemplate()), it is not used in this case. This signed URL can be specified by users, as it is reflected in the “Referer” HTTP request header, which is under attacker control. This issue has been fixed in version 5.10.0.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/craftcms/cms/security/advisori… | x_refsource_CONFIRM |
| https://github.com/craftcms/cms/pull/18680 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-55794",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T12:41:30.954619Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T12:41:39.752Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cms",
"vendor": "craftcms",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.9.0, \u003c 5.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Craft CMS is a content management system (CMS). In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries can execute unsandboxed Twig code via the HTTP Referrer header, potentially leading to authenticated RCE. The issue happens when a user is saving entries. Strings for a signed redirect URL are being compiled as a Twig template via renderObjectTemplate(), and while a sandboxed alternative already exists (renderSandboxedObjectTemplate()), it is not used in this case. This signed URL can be specified by users, as it is reflected in the \u201cReferer\u201d HTTP request header, which is under attacker control. This issue has been fixed in version 5.10.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T23:26:22.071Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/craftcms/cms/security/advisories/GHSA-f74w-488g-8x5r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/craftcms/cms/security/advisories/GHSA-f74w-488g-8x5r"
},
{
"name": "https://github.com/craftcms/cms/pull/18680",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/craftcms/cms/pull/18680"
}
],
"source": {
"advisory": "GHSA-f74w-488g-8x5r",
"discovery": "UNKNOWN"
},
"title": "Craft CMS: Potential authenticated Remote Code Execution via referrer redirect"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-55794",
"datePublished": "2026-07-01T23:26:22.071Z",
"dateReserved": "2026-06-17T14:40:28.380Z",
"dateUpdated": "2026-07-02T12:41:39.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54390 (GCVE-0-2026-54390)
Vulnerability from cvelistv5 – Published: 2026-06-18 17:33 – Updated: 2026-06-23 11:39 X_Open Source
VLAI
EPSS
VEX
Title
JTL Shop < 5.7.2 Server-Side Template Injection via Smarty Renderer
Summary
JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine. Attackers can exploit this flaw to read sensitive server-side values such as database credentials and encryption keys, and on versions 5.4.0 through 5.7.1, leverage registered Smarty modifiers including unserialize and file_get_contents to write a webshell to the web root and execute arbitrary commands as the web server user.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://sansec.io/research/jtl-shop-ssti-rce | technical-description |
| https://forum.jtl-software.de/threads/jtl-shop-5-… | release-notespatch |
| https://www.vulncheck.com/advisories/jtl-shop-ser… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTL Software | JTL Shop |
Unaffected:
5.0.0 , ≤ 5.1.8
(semver)
Affected: 5.2.0 , < 5.4.0 (semver) Affected: 5.4.0 , ≤ 5.7.1 (semver) Unaffected: 5.5.4 (semver) Unaffected: 5.6.2 (semver) Unaffected: 5.7.2 (semver) |
Date Public
2026-04-08 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54390",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T12:39:02.156506Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T12:39:39.093Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "JTL Shop",
"vendor": "JTL Software",
"versions": [
{
"lessThanOrEqual": "5.1.8",
"status": "unaffected",
"version": "5.0.0",
"versionType": "semver"
},
{
"lessThan": "5.4.0",
"status": "affected",
"version": "5.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.7.1",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "5.5.4",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "5.6.2",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "5.7.2",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sansec"
}
],
"datePublic": "2026-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine. Attackers can exploit this flaw to read sensitive server-side values such as database credentials and encryption keys, and on versions 5.4.0 through 5.7.1, leverage registered Smarty modifiers including unserialize and file_get_contents to write a webshell to the web root and execute arbitrary commands as the web server user."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T11:39:42.099Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description"
],
"url": "https://sansec.io/research/jtl-shop-ssti-rce"
},
{
"tags": [
"release-notes",
"patch"
],
"url": "https://forum.jtl-software.de/threads/jtl-shop-5-7-aktuell-5-7-2.246278/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/jtl-shop-server-side-template-injection-via-smarty-renderer"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"x_open-source"
],
"title": "JTL Shop \u003c 5.7.2 Server-Side Template Injection via Smarty Renderer",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-54390",
"datePublished": "2026-06-18T17:33:46.230Z",
"dateReserved": "2026-06-12T20:20:02.950Z",
"dateUpdated": "2026-06-23T11:39:42.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-52796 (GCVE-0-2026-52796)
Vulnerability from cvelistv5 – Published: 2026-06-24 20:13 – Updated: 2026-06-25 20:10
VLAI
EPSS
VEX
Title
Gogs: DoS in rendering issue index pattern
Summary
Gogs is an open source self-hosted Git service. Prior to 0.14.3, specially crafted issue index pattern can cause a panic when rendering, resulting in denial of service. In internal/markup/markup.go, RenderIssueIndexPattern renders the issue index pattern to a link using com.Expand, which is not safe: when the configured pattern contains an opening brace { but no closing brace }, strings.Index(template, "}") returns -1 and the subsequent slice template[:-1] triggers a panic. Once such a pattern is set, any page in the affected repository that contains an issue index reference such as #1 becomes unavailable. This vulnerability is fixed in 0.14.3.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/gogs/gogs/security/advisories/… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-52796",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T20:10:04.777866Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T20:10:28.834Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-4j89-2c4f-44c6"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.14.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs is an open source self-hosted Git service. Prior to 0.14.3, specially crafted issue index pattern can cause a panic when rendering, resulting in denial of service. In internal/markup/markup.go, RenderIssueIndexPattern renders the issue index pattern to a link using com.Expand, which is not safe: when the configured pattern contains an opening brace { but no closing brace }, strings.Index(template, \"}\") returns -1 and the subsequent slice template[:-1] triggers a panic. Once such a pattern is set, any page in the affected repository that contains an issue index reference such as #1 becomes unavailable. This vulnerability is fixed in 0.14.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T20:13:11.884Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gogs/gogs/security/advisories/GHSA-4j89-2c4f-44c6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-4j89-2c4f-44c6"
}
],
"source": {
"advisory": "GHSA-4j89-2c4f-44c6",
"discovery": "UNKNOWN"
},
"title": "Gogs: DoS in rendering issue index pattern"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-52796",
"datePublished": "2026-06-24T20:13:11.884Z",
"dateReserved": "2026-06-08T18:02:19.731Z",
"dateUpdated": "2026-06-25T20:10:28.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45714 (GCVE-0-2026-45714)
Vulnerability from cvelistv5 – Published: 2026-05-13 20:43 – Updated: 2026-05-14 15:51
VLAI
EPSS
VEX
Title
CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE
Summary
CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart (including Email Templates, Invoices, Documents, and Contact Forms). The application unsafely evaluates user-supplied input using the Smarty template engine without enabling Smarty Security Policies. This allows any authenticated user with administrative privileges to execute arbitrary operating system commands (RCE) on the server. This vulnerability is fixed in 6.7.0.
Severity
9.1 (Critical)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/cubecart/v6/security/advisorie… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45714",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T15:50:11.575188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T15:51:08.463Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/cubecart/v6/security/advisories/GHSA-pcfr-xgc9-xfv6"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "v6",
"vendor": "cubecart",
"versions": [
{
"status": "affected",
"version": "\u003c 6.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart (including Email Templates, Invoices, Documents, and Contact Forms). The application unsafely evaluates user-supplied input using the Smarty template engine without enabling Smarty Security Policies. This allows any authenticated user with administrative privileges to execute arbitrary operating system commands (RCE) on the server. This vulnerability is fixed in 6.7.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T20:43:33.607Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cubecart/v6/security/advisories/GHSA-pcfr-xgc9-xfv6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cubecart/v6/security/advisories/GHSA-pcfr-xgc9-xfv6"
}
],
"source": {
"advisory": "GHSA-pcfr-xgc9-xfv6",
"discovery": "UNKNOWN"
},
"title": "CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45714",
"datePublished": "2026-05-13T20:43:33.607Z",
"dateReserved": "2026-05-13T05:51:48.666Z",
"dateUpdated": "2026-05-14T15:51:08.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45697 (GCVE-0-2026-45697)
Vulnerability from cvelistv5 – Published: 2026-05-29 19:01 – Updated: 2026-06-01 15:18
VLAI
EPSS
VEX
Title
Formie: Pre-authenticated server-side template injection in Hidden fields
Summary
Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields (with Default value → Custom) that were evaluated as Twig during submission handling, which could lead to serious compromise of the Craft site (depending on template/sandbox behavior). This vulnerability is fixed in 2.2.20 and 3.1.24.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/verbb/formie/security/advisori… | x_refsource_CONFIRM |
| https://github.com/verbb/formie/commit/f690d56231… | x_refsource_MISC |
| https://github.com/verbb/formie/releases/tag/2.2.20 | x_refsource_MISC |
| https://github.com/verbb/formie/releases/tag/3.1.24 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45697",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T15:18:36.758634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T15:18:51.317Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "formie",
"vendor": "verbb",
"versions": [
{
"status": "affected",
"version": "\u003c 2.2.20"
},
{
"status": "affected",
"version": "\u003e= 3.0.0-beta.1, \u003c 3.1.24"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields (with Default value \u2192 Custom) that were evaluated as Twig during submission handling, which could lead to serious compromise of the Craft site (depending on template/sandbox behavior). This vulnerability is fixed in 2.2.20 and 3.1.24."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693: Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T19:01:49.220Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/verbb/formie/security/advisories/GHSA-x7m9-mwc2-g6w2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/verbb/formie/security/advisories/GHSA-x7m9-mwc2-g6w2"
},
{
"name": "https://github.com/verbb/formie/commit/f690d5623163ce2a95da305238d6367575486ee3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verbb/formie/commit/f690d5623163ce2a95da305238d6367575486ee3"
},
{
"name": "https://github.com/verbb/formie/releases/tag/2.2.20",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verbb/formie/releases/tag/2.2.20"
},
{
"name": "https://github.com/verbb/formie/releases/tag/3.1.24",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verbb/formie/releases/tag/3.1.24"
}
],
"source": {
"advisory": "GHSA-x7m9-mwc2-g6w2",
"discovery": "UNKNOWN"
},
"title": "Formie: Pre-authenticated server-side template injection in Hidden fields"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45697",
"datePublished": "2026-05-29T19:01:49.220Z",
"dateReserved": "2026-05-13T04:38:01.165Z",
"dateUpdated": "2026-06-01T15:18:51.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45312 (GCVE-0-2026-45312)
Vulnerability from cvelistv5 – Published: 2026-05-29 12:24 – Updated: 2026-06-02 01:02
VLAI
EPSS
VEX
Title
RAGFlow: Server-Side Template Injection in Prompt Generator leads to Remote Code Execution
Summary
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticated user to execute arbitrary OS commands on the server. Any normal user can register, create a Canvas workflow with a DuckDuckGo + LLM component chain, and trigger the SSTI.
Severity
9.9 (Critical)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/infiniflow/ragflow/security/ad… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| infiniflow | ragflow |
Affected:
<= 0.24.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45312",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T01:01:26.376594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T01:02:42.683Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/infiniflow/ragflow/security/advisories/GHSA-wpg4-h5g2-jxm6"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ragflow",
"vendor": "infiniflow",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.24.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticated user to execute arbitrary OS commands on the server. Any normal user can register, create a Canvas workflow with a DuckDuckGo + LLM component chain, and trigger the SSTI."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T12:24:07.996Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/infiniflow/ragflow/security/advisories/GHSA-wpg4-h5g2-jxm6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/infiniflow/ragflow/security/advisories/GHSA-wpg4-h5g2-jxm6"
}
],
"source": {
"advisory": "GHSA-wpg4-h5g2-jxm6",
"discovery": "UNKNOWN"
},
"title": "RAGFlow: Server-Side Template Injection in Prompt Generator leads to Remote Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45312",
"datePublished": "2026-05-29T12:24:07.996Z",
"dateReserved": "2026-05-11T20:50:30.538Z",
"dateUpdated": "2026-06-02T01:02:42.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44916 (GCVE-0-2026-44916)
Vulnerability from cvelistv5 – Published: 2026-05-08 06:38 – Updated: 2026-05-20 15:04
VLAI
EPSS
VEX
Summary
In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44916",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-08T12:50:26.825911Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T12:50:35.499Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-05-11T17:40:03.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/11/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ironic",
"vendor": "OpenStack",
"versions": [
{
"lessThan": "26.1.7",
"status": "affected",
"version": "17.0.0",
"versionType": "semver"
},
{
"lessThan": "29.0.6",
"status": "affected",
"version": "27.0.0",
"versionType": "semver"
},
{
"lessThan": "32.0.2",
"status": "affected",
"version": "30.0.0",
"versionType": "semver"
},
{
"lessThan": "35.0.2",
"status": "affected",
"version": "33.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*",
"versionEndExcluding": "26.1.7",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*",
"versionEndExcluding": "29.0.6",
"versionStartIncluding": "27.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*",
"versionEndExcluding": "32.0.2",
"versionStartIncluding": "30.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*",
"versionEndExcluding": "35.0.2",
"versionStartIncluding": "33.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info[\u0027ks_template\u0027] is rendered without sandboxing."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T15:04:18.146Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.launchpad.net/ironic/+bug/2148307"
},
{
"url": "https://security.openstack.org/ossa/OSSA-2026-012.html"
}
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-44916",
"datePublished": "2026-05-08T06:38:37.279Z",
"dateReserved": "2026-05-08T06:38:36.747Z",
"dateUpdated": "2026-05-20T15:04:18.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44723 (GCVE-0-2026-44723)
Vulnerability from cvelistv5 – Published: 2026-05-26 15:49 – Updated: 2026-05-28 13:58
VLAI
EPSS
VEX
Title
Vowpal Wabbit: Shell injection via crafted PR title in python_checks.yml allows arbitrary command execution on CI runner
Summary
Vowpal Wabbit is a machine learning system. The workflow .github/workflows/python_checks.yml embeds ${{ github.event.pull_request.title }} directly inside double-quoted bash strings in four separate steps across four jobs, each passing it as a CLI argument to the Python test script run_tests_model_gen_and_load.py. The shell interprets the expanded string before invoking Python, allowing an attacker to break out of the quotes and execute arbitrary commands on the runner. The pull_request trigger fires on PRs targeting any branch (branches: ['*']), with no additional access gate. This vulnerability is fixed by the 998e390e80a7e8192d7849b7784bc113dbd190ad commit.
Severity
5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/VowpalWabbit/vowpal_wabbit/sec… | x_refsource_CONFIRM |
| https://github.com/VowpalWabbit/vowpal_wabbit/com… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VowpalWabbit | vowpal_wabbit |
Affected:
< 998e390e80a7e8192d7849b7784bc113dbd190ad
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44723",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T13:57:55.755971Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T13:58:23.038Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/VowpalWabbit/vowpal_wabbit/security/advisories/GHSA-cg2g-xgg7-3xxq"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vowpal_wabbit",
"vendor": "VowpalWabbit",
"versions": [
{
"status": "affected",
"version": "\u003c 998e390e80a7e8192d7849b7784bc113dbd190ad"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vowpal Wabbit is a machine learning system. The workflow .github/workflows/python_checks.yml embeds ${{ github.event.pull_request.title }} directly inside double-quoted bash strings in four separate steps across four jobs, each passing it as a CLI argument to the Python test script run_tests_model_gen_and_load.py. The shell interprets the expanded string before invoking Python, allowing an attacker to break out of the quotes and execute arbitrary commands on the runner. The pull_request trigger fires on PRs targeting any branch (branches: [\u0027*\u0027]), with no additional access gate. This vulnerability is fixed by the 998e390e80a7e8192d7849b7784bc113dbd190ad commit."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T15:49:17.951Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/VowpalWabbit/vowpal_wabbit/security/advisories/GHSA-cg2g-xgg7-3xxq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/VowpalWabbit/vowpal_wabbit/security/advisories/GHSA-cg2g-xgg7-3xxq"
},
{
"name": "https://github.com/VowpalWabbit/vowpal_wabbit/commit/998e390e80a7e8192d7849b7784bc113dbd190ad",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/VowpalWabbit/vowpal_wabbit/commit/998e390e80a7e8192d7849b7784bc113dbd190ad"
}
],
"source": {
"advisory": "GHSA-cg2g-xgg7-3xxq",
"discovery": "UNKNOWN"
},
"title": "Vowpal Wabbit: Shell injection via crafted PR title in python_checks.yml allows arbitrary command execution on CI runner"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44723",
"datePublished": "2026-05-26T15:49:17.951Z",
"dateReserved": "2026-05-07T18:04:17.308Z",
"dateUpdated": "2026-05-28T13:58:23.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44377 (GCVE-0-2026-44377)
Vulnerability from cvelistv5 – Published: 2026-05-13 20:36 – Updated: 2026-05-14 13:55
VLAI
EPSS
VEX
Title
CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE
Summary
CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart (including Email Templates and Documents). The application unsafely evaluates user-supplied input directly through the Smarty template engine. By leveraging this, an authenticated attacker with administrative privileges can bypass current restrictions and call native PHP functions within the templates, such as readgzfile() to read sensitive configuration files, or error_log() to write a malicious PHP web shell, ultimately achieving Information Disclosure and full Remote Code Execution (RCE). This vulnerability is fixed in 6.7.0.
Severity
9.1 (Critical)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/cubecart/v6/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/cubecart/v6/commit/76d783c8c4d… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44377",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T13:55:50.332353Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T13:55:55.119Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/cubecart/v6/security/advisories/GHSA-wpjx-g695-qc5j"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "v6",
"vendor": "cubecart",
"versions": [
{
"status": "affected",
"version": "\u003c 6.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart (including Email Templates and Documents). The application unsafely evaluates user-supplied input directly through the Smarty template engine. By leveraging this, an authenticated attacker with administrative privileges can bypass current restrictions and call native PHP functions within the templates, such as readgzfile() to read sensitive configuration files, or error_log() to write a malicious PHP web shell, ultimately achieving Information Disclosure and full Remote Code Execution (RCE). This vulnerability is fixed in 6.7.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T20:36:22.009Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cubecart/v6/security/advisories/GHSA-wpjx-g695-qc5j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cubecart/v6/security/advisories/GHSA-wpjx-g695-qc5j"
},
{
"name": "https://github.com/cubecart/v6/commit/76d783c8c4d87a8a90dbfef1344a2733e7c6434c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cubecart/v6/commit/76d783c8c4d87a8a90dbfef1344a2733e7c6434c"
}
],
"source": {
"advisory": "GHSA-wpjx-g695-qc5j",
"discovery": "UNKNOWN"
},
"title": "CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44377",
"datePublished": "2026-05-13T20:36:22.009Z",
"dateReserved": "2026-05-05T20:15:20.631Z",
"dateUpdated": "2026-05-14T13:55:55.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44209 (GCVE-0-2026-44209)
Vulnerability from cvelistv5 – Published: 2026-05-26 20:46 – Updated: 2026-07-15 00:54
VLAI
EPSS
VEX
Title
Banks: Critical Remote Code Execution (RCE) via Jinja2 SSTI
Summary
Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment() (unsandboxed) to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt() are vulnerable to Server-Side Template Injection (SSTI), which can lead to Remote Code Execution (RCE) on the host system. This vulnerability is fixed in 2.4.2.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/masci/banks/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/masci/banks/pull/74 | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2026-44209 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2481713 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| masci | banks |
Affected:
< 2.4.2
|
|
| Red Hat | Exploit Intelligence |
cpe:/a:redhat:exploit_intelligence:0 |
|
| Red Hat | OpenShift Lightspeed |
cpe:/a:redhat:openshift_lightspeed |
|
| Red Hat | Red Hat Ansible Automation Platform 2 |
cpe:/a:redhat:ansible_automation_platform:2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44209",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T14:07:18.330651Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T14:07:44.481Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/masci/banks/security/advisories/GHSA-gphh-9q3h-jgpp"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:exploit_intelligence:0"
],
"defaultStatus": "affected",
"packageName": "exploit-intelligence-tech-preview/vulnerability-analysis-rhel9",
"product": "Exploit Intelligence",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "affected",
"packageName": "openshift-lightspeed/lightspeed-ocp-rag-rhel9",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "unaffected",
"packageName": "openshift-lightspeed/lightspeed-service-api-rhel9",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "unaffected",
"packageName": "openshift-lightspeed-tech-preview/lightspeed-rag-tool-rhel9",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform-25/lightspeed-chatbot-rhel8",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-26T20:46:56.002Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in banks. This vulnerability, known as Server-Side Template Injection (SSTI), allows a remote attacker to achieve Remote Code Execution (RCE) on the host system. This occurs when applications using banks pass user-supplied strings directly as template arguments to the Prompt() function, which then renders these templates in an unsandboxed environment."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-917",
"description": "Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T00:54:37.821Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-44209"
},
{
"name": "RHBZ#2481713",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481713"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44209.json"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-26T22:01:09.917Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-26T20:46:56.002Z",
"value": "Made public."
}
],
"title": "banks: banks: Remote Code Execution via Server-Side Template Injection",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, applications utilizing the `banks` library should avoid passing user-controlled data into `Prompt()` sink. This prevents malicious input from being interpreted as template code, thereby reducing the risk of Server-Side Template Injection and subsequent remote code execution. Recommended to update to patched version."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "banks",
"vendor": "masci",
"versions": [
{
"status": "affected",
"version": "\u003c 2.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment() (unsandboxed) to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt() are vulnerable to Server-Side Template Injection (SSTI), which can lead to Remote Code Execution (RCE) on the host system. This vulnerability is fixed in 2.4.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T20:46:56.002Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/masci/banks/security/advisories/GHSA-gphh-9q3h-jgpp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/masci/banks/security/advisories/GHSA-gphh-9q3h-jgpp"
},
{
"name": "https://github.com/masci/banks/pull/74",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/masci/banks/pull/74"
}
],
"source": {
"advisory": "GHSA-gphh-9q3h-jgpp",
"discovery": "UNKNOWN"
},
"title": "Banks: Critical Remote Code Execution (RCE) via Jinja2 SSTI"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44209",
"datePublished": "2026-05-26T20:46:56.002Z",
"dateReserved": "2026-05-05T15:13:47.571Z",
"dateUpdated": "2026-07-15T00:54:37.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Architecture and Design
Choose a template engine that offers a sandbox or restricted mode, or at least limits the power of any available expressions, function calls, or commands.
Mitigation
Implementation
Use the template engine's sandbox or restricted mode, if available.
No CAPEC attack patterns related to this CWE.