What is the CVSS score of CVE-2026-35477?

CVE-2026-35477 has a CVSS 3.1 base score of 5.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-35477?

Yes, a patch is available for CVE-2026-35477. Update the affected software to the latest version immediately.

Ssti CVE-2026-35477

EUVD-2026-20588 MEDIUM

Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336)

2026-04-08 security-advisories@github.com

Ssti RCE

5.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

1.2.7

EUVD ID Assigned

Apr 08, 2026 - 20:23 euvd

EUVD-2026-20588

Analysis Generated

Apr 08, 2026 - 20:23 vuln.today

CVE Published

Apr 08, 2026 - 20:16 nvd

MEDIUM 5.5

DescriptionNVD

InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PART_NAME_FORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed jinja2.Environment. Additionally, the validator uses a dummy Part instance with pk=None, which allows conditional template expressions to behave differently during validation versus production rendering. A staff user with settings access can craft a template that passes validation but executes arbitrary code during rendering. This issue requires access by a user with granted staff permissions. This vulnerability is fixed in 1.2.7 and 1.3.0.

AnalysisAI

Remote code execution in InvenTree 1.2.3 through 1.2.6 allows staff users with settings access to execute arbitrary code by crafting malicious Jinja2 templates that bypass sandbox validation. The vulnerability exists because the PART_NAME_FORMAT validator uses a sandboxed Jinja2 environment, but the actual rendering engine in part/helpers.py uses an unsandboxed environment, combined with a validation bypass via dummy Part instances with pk=None that behave differently during validation versus production execution. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	CVSS 5.5 with PR:H (high privilege required) significantly constrains real-world risk; this is not a remote unauthenticated attack. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A staff user with access to InvenTree's settings pages (specifically the PART_NAME_FORMAT configuration) crafts a Jinja2 template such as '{{ part.name }}{% if part.pk %}{{ __import__("os").system("id") }}{% endif %}' that includes conditional template injection. During validation, the sandboxed environment rejects the injection, but because the validator uses a dummy Part with pk=None, the conditional evaluates to False and the malicious code is never tested. …
Remediation	Upgrade InvenTree to version 1.2.7 or 1.3.0 or later. … Detailed patch versions, workarounds, and compensating controls in full report.