CWE-1336 — Improper Neutralization of Special Elements Used in a Template Engine (SSTI)
156 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-1336 (page 3 of 4)
- CVE-2025-66299 | HIGH | CVSS 8.8 | EG 8.8 | 2025-12-01
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, Grav CMS is vulnerable to a Server-Side Template Injection (SSTI) that allows any authenticated user with editor permissions to execute arbitrary code on the remote server, bypassi…
- CVE-2025-66361 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-11-28
An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load.
- CVE-2025-66434 | HIGH | CVSS 8.8 | EG 9.8 | 2025-12-15
An SSTI (Server-Side Template Injection) vulnerability exists in the get_dunning_letter_text method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates (body_text) using frappe.render_template() wit…
- CVE-2025-66435 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-12-15
An SSTI (Server-Side Template Injection) vulnerability exists in the get_contract_template method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates (contract_terms) using frappe.render_template() …
- CVE-2025-66436 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-12-15
An SSTI (Server-Side Template Injection) vulnerability exists in the get_terms_and_conditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates (terms) using frappe.render_template() with a…
- CVE-2025-66437 | HIGH | CVSS 8.8 | EG 8.8 | 2025-12-15
An SSTI (Server-Side Template Injection) vulnerability exists in the get_address_display method of Frappe ERPNext through 15.89.0. This function renders address templates using frappe.render_template() with a context derived from the addre…
- CVE-2025-66438 | HIGH | CVSS 8.8 | EG 9.8 | 2025-12-15
A Server-Side Template Injection (SSTI) vulnerability exists in the Frappe ERPNext through 15.89.0 Print Format rendering mechanism. Specifically, the API frappe.www.printview.get_html_and_style() triggers the rendering of the html field i…
- CVE-2025-6761 | HIGH | CVSS 7.3 | EG 7.3 | 2025-06-27
A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has been rated as critical. Affected by this issue is the function plugin.buildMobilePopHtml of the file \k3\o2o\bos\webapp\action\DynamicForm 4 A…
- CVE-2025-67843 | HIGH | CVSS 8.3 | EG 8.3 | 2025-12-19
A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file.
- CVE-2025-68454 | HIGH | CVSS 8.8 | EG 8.8 | 2026-01-05
Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16 are vulnerable to potential authenticated Remote Code Execution via Twig SSTI. For this to work, users must have administ…
- CVE-2025-68929 | CRITICAL | CVSS 9.0 | EG 9.0 | 2025-12-29
Frappe is a full-stack web application framework. Prior to versions 14.99.6 and 15.88.1, an authenticated user with specific permissions could be tricked into accessing a specially crafted link. This could lead to a malicious template bein…
- CVE-2025-69516 | HIGH | CVSS 8.8 | EG 8.8 | 2026-01-29
A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Man…
- CVE-2025-9094 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-08-17
A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can …
- CVE-2026-1868 | CRITICAL | CVSS 9.9 | EG 9.9 | 2026-02-09
GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insec…
- CVE-2026-21448 | CRITICAL | CVSS 9.8 | EG 9.8 | 2026-01-02
Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection. When a normal customer orders any product, in the `add address` step they can inject a value to run in admin v…
- CVE-2026-21449 | HIGH | CVSS 8.8 | EG 8.8 | 2026-01-02
Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via first name and last name from a low-privilege user. Version 2.3.10 fixes the issue.
- CVE-2026-21450 | CRITICAL | CVSS 9.8 | EG 9.8 | 2026-01-02
Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via type parameter, which can lead to remote code execution or another exploitation. Version 2.3.10 fixes the i…
- CVE-2026-22244 | HIGH | CVSS 7.2 | EG 7.2 | 2026-01-08
OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must have administrative privileges to explo…
- CVE-2026-23626 | MEDIUM | CVSS 6.8 | EG 6.8 | 2026-01-18
Kimai is a web-based multi-user time-tracking application. Prior to version 2.46.0, Kimai's export functionality uses a Twig sandbox with an overly permissive security policy (`DefaultPolicy`) that allows arbitrary method calls on objects …
- CVE-2026-25526 | CRITICAL | CVSS 9.8 | EG 9.8 | 2026-02-04
JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via bypass through ForTag. This allows arbitra…
- CVE-2026-25731 | HIGH | CVSS 7.8 | EG 7.8 | 2026-02-06
calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template fil…
- CVE-2026-26026 | CRITICAL | CVSS 9.1 | EG 9.1 | 2026-04-06
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator leads to RCE. This vulnerability is fixed in 11.0.6.
- CVE-2026-28797 | HIGH | CVSS 8.8 | EG 8.8 | 2026-04-03
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and prior, a Server-Side Template Injection (SSTI) vulnerability exists in RAGFlow's Agent workflow Text Processing (StringTransform) and Message com…
- CVE-2026-29207 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-05-19
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please n…
- CVE-2026-33392 | HIGH | CVSS 7.2 | EG 7.2 | 2026-04-17
In JetBrains YouTrack before 2025.3.131383, a high-privileged user can achieve RCE via sandbox bypass.
- CVE-2026-34587 | HIGH | CVSS 8.1 | EG 8.1 | 2026-04-24
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for e…
- CVE-2026-34724 | HIGH | CVSS 7.2 | EG 7.2 | 2026-04-08
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, a server-side template injection vulnerability which leads to RCE via AI Agent exists. Impact is limited to environments where an attacker can control or …
- CVE-2026-34906 | CRITICAL | CVSS 9.3 | EG 9.3 | 2026-06-02
Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and parameter redirectUrlParameter, insufficient input validation permits …
- CVE-2026-35044 | HIGH | CVSS 8.8 | EG 8.8 | 2026-04-06
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the Dockerfile generation function generate_containerfile() in src/bentoml/_internal/container/generate.py uses an …
- CVE-2026-35477 | MEDIUM | CVSS 5.5 | EG 5.5 | 2026-04-08
InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PART_NAME_FORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py wa…
- CVE-2026-39980 | CRITICAL | CVSS 9.1 | EG 9.1 | 2026-04-09
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with the Manage customization capability can run arbit…
- CVE-2026-40087 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-04-09
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string te…
- CVE-2026-40320 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-17
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template() constructor, silently interpreting template expressions at r…
- CVE-2026-40477 | CRITICAL | CVSS 9.0 | EG 9.0 | 2026-04-17
Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms …
- CVE-2026-40478 | CRITICAL | CVSS 9.0 | EG 9.0 | 2026-04-17
Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechani…
- CVE-2026-40602 | MEDIUM | CVSS 5.6 | EG 5.6 | 2026-04-21
The Home Assistant Command-line interface (hass-cli) is a command-line tool for Home Assistant. Up to 1.0.0 of home-assistant-cli, an unrestricted environment was used to handle Jinja2 templates instead of a sandboxed one. The user-supplied…
- CVE-2026-41318 | MEDIUM | CVSS 5.4 | EG 5.4 | 2026-04-24
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpol…
- CVE-2026-41713 | HIGH | CVSS 8.2 | EG 8.2 | 2026-05-12
A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of mode…
- CVE-2026-41901 | CRITICAL | CVSS 9.0 | EG 9.0 | 2026-05-12
Thymeleaf is a server-side Java template engine for web and standalone environments. Prior to 3.1.5.RELEASE, a security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf. Although the library provides mechanis…
- CVE-2026-42203 | HIGH | CVSS 8.8 | EG 8.8 | 2026-05-08
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxin…
- CVE-2026-42252 | CRITICAL | CVSS 9.1 | EG 0.0 | 2026-06-01
Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passing Parameters when triggering Dags") showed a verbatim `BashOperator(bash_command="echo value: {{ dag_run.conf['conf1'] }}")` example without any quoting / sani…
- CVE-2026-44129 | HIGH | CVSS 8.3 | EG 8.3 | 2026-05-08
SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an endpoint accepts attacker-controlled template, allowing remote attackers to execute arbitrary templa…
- CVE-2026-44209 | HIGH | CVSS 7.5 | EG 7.5 | 2026-05-26
Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment() (unsandboxed) to render prompt templates. Applications that pass user-supplied strings as the template argum…
- CVE-2026-44377 | CRITICAL | CVSS 9.1 | EG 9.1 | 2026-05-13
CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart (including Email Templates and Documents). The application unsafely eva…
- CVE-2026-44723 | MEDIUM | CVSS 5.0 | EG 5.0 | 2026-05-26
Vowpal Wabbit is a machine learning system. The workflow .github/workflows/python_checks.yml embeds ${{ github.event.pull_request.title }} directly inside double-quoted bash strings in four separate steps across four jobs, each passing it …
- CVE-2026-44916 | LOW | CVSS 3.0 | EG 3.0 | 2026-05-08
In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing.
- CVE-2026-45312 | CRITICAL | CVSS 9.9 | EG 9.9 | 2026-05-29
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticated user to execute arbitrary OS commands on …
- CVE-2026-45697 | CRITICAL | CVSS 9.8 | EG 9.8 | 2026-05-18
Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields (with Default value → Custom) that were evaluated as Twig during submission handling, which…
- CVE-2026-45714 | CRITICAL | CVSS 9.1 | EG 9.1 | 2026-05-13
CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart (including Email Templates, Invoices, Documents, and Contact Forms). Th…
- CVE-2026-49382 | MEDIUM | CVSS 4.5 | EG 4.5 | 2026-05-29
In JetBrains IntelliJ IDEA before 2026.1, code execution was possible via template injection in the Copyright plugin.