Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function _is_safe_ast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
Server-side template injection in PyBlade's AST validation function (_is_safe_ast in sandbox.py) allows authenticated remote attackers to bypass template safety checks and inject arbitrary template code, leading to information disclosure and potential code execution. Affected versions 0.1.8-alpha and 0.1.9-alpha contain improper neutralization of special template elements. Publicly available exploit code exists, though the vendor has not yet responded to disclosure.
Technical ContextAI
PyBlade is a Python template engine that implements AST (Abstract Syntax Tree) validation as a security boundary to prevent unsafe template expressions. The vulnerability resides in the _is_safe_ast function within sandbox.py, which is responsible for determining whether template constructs are safe to execute. CWE-1336 (Improper Neutralization of Special Elements Used in a Template Engine) indicates the root cause: the validation logic fails to properly identify and block dangerous template syntax patterns. By crafting malicious AST nodes that evade the safety check, attackers can inject expressions that the template engine will execute without further validation, leading to template injection attacks similar to SSTI (Server-Side Template Injection) vulnerabilities in systems like Jinja2 or Mako.
RemediationAI
No vendor-released patch has been issued at the time of analysis, and the project maintainer has not yet responded to the early disclosure. Users should immediately audit their PyBlade deployments and restrict template input validation until a fix is available. If possible, disable or isolate PyBlade functionality requiring untrusted template input, or implement additional input validation outside the template engine. Monitor the GitHub repository (https://github.com/AntaresMugisho/PyBlade/) and VulDB (https://vuldb.com/vuln/355329) for patch releases. Consider contributing a pull request to address the _is_safe_ast function's validation gaps, or evaluate alternative template engines with more mature security track records if upgrades are not available within your operational timeline.
Invision Community 5.0.0 through 5.0.6 contains an unauthenticated remote code execution vulnerability in the template e
Remote code execution in the WPML WordPress multilingual plugin (versions up to and including 4.6.12) allows Contributor
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. Rated c
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve
changedetection.io is an open source web page change detection, website watcher, restock monitor and notification servic
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms all
Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Re
Server-side template injection in FOSSBilling versions prior to 0.8.0 allows authenticated administrators to execute arb
AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote C
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior t
OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department. Rate
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19066
GHSA-23jg-5f8m-gw8c