CWE-1336

Improper Neutralization of Special Elements Used in a Template Engine

84 CVEs | Avg CVSS 7.7 | MITRE
Severity: 25 Critical, 36 High, 15 Medium, 8 Low
27 with public PoC, 0 in CISA KEV

CVE-2026-28496 CRITICAL POC PATCH Act Now

Server-side template injection in FOSSBilling versions prior to 0.8.0 allows authenticated administrators to execute arbitrary code and disclose sensitive information by injecting Twig expressions into template-rendering features. The unsandboxed Twig environment exposes the application's dependency injection container, turning any admin-accessible template surface into a full RCE primitive. No public exploit identified at time of analysis, but a related auth-bypass chain (GHSA-78x5-c8gw-8279) is documented by VulnCheck and could lower the practical privilege bar.

Tags: RCE, Information Disclosure, SSTI, FOSSBilling
Sources: NVD, GitHub
CVSS 4.0: 9.4 | EPSS: 1.9%
CVE-2026-52796 Go LOW PATCH GHSA Monitor

{` placeholder, the third-party `com.Expand()` call in `internal/markup/markup.go` panics due to a negative slice index, making all repository pages that render issue references permanently unavailable until the configuration is corrected. No public exploit beyond the PoC included in the advisory is identified at time of analysis; this is not in CISA KEV.

Tags: Information Disclosure, SSTI
Sources: NVD, GitHub
CVSS 3.1: 3.5 | EPSS: 0.3%
CVE-2026-54390 CRITICAL PATCH Act Now

Server-side template injection in JTL Shop 5.2.0 through 5.7.1 allows remote unauthenticated attackers to inject Smarty template syntax via unsanitized user input, exposing sensitive server-side values such as database credentials and encryption keys. On versions 5.4.0 through 5.7.1, the flaw escalates to remote code execution by abusing registered Smarty modifiers (unserialize, file_get_contents) to drop a webshell and execute commands as the web server user. Publicly available exploit code exists via the Sansec research writeup, though the issue is not listed in CISA KEV at time of analysis.

Tags: Deserialization, SSTI, JTL Shop
Sources: NVD, VulDB
CVSS 4.0: 9.3 | EPSS: 0.3%
CVE-2026-11407 PHP HIGH PATCH GHSA This Week

Twig sandbox bypass in Pimcore CMS/DXP 12.3.8 lets authenticated administrators escape the template sandbox by abusing empty checkMethodAllowed() and checkPropertyAllowed() implementations, enabling arbitrary method calls on internal PHP objects such as the DAO layer, Doctrine DBAL Connection, and PDO. Exploitation goes through a malicious Twig template injected via the DataObject ClassDefinition Layout\Text component and can lead to arbitrary file reads, arbitrary SQL execution, and potential remote code execution via PHP object gadget chains; the pimcore_* function wildcard broadens the bypass to every Pimcore Twig function. No public exploit identified at time of analysis, but VulnCheck has published an advisory describing the technique.

Tags: PHP, RCE, SSTI, Pimcore CMS/DXP
Sources: NVD, GitHub
CVSS 4.0: 8.6 | EPSS: 0.6%
CVE-2026-41065 HIGH PATCH This Week

Remote code execution in Tautulli versions prior to 2.17.1 allows attackers to achieve unauthenticated RCE on fresh installations (before the setup wizard has been completed) by abusing the newsletter custom template directory feature to load a malicious Mako template from an attacker-controlled SMB share. On completed installations the same chain remains exploitable by any authenticated admin. SSVC reports that publicly available exploit code exists and rates the issue as automatable with total technical impact, though no CISA KEV listing has been confirmed.

Tags: RCE, Python, SSTI, Tautulli
Sources: NVD, GitHub, VulDB
CVSS 4.0: 8.9 | EPSS: 0.4%
CVE-2026-44181 PyPI CRITICAL PATCH GHSA Act Now

Server-side template injection in Jupyter Enterprise Gateway versions 2.0.0rc2 through 3.2.x allows remote attackers to execute arbitrary Python code and OS commands in the Enterprise Gateway pod by injecting Jinja2 expressions into KERNEL_XXX environment variables sent via the kernel-creation API. Successful exploitation yields the gateway's Kubernetes service account token, which (per the published PoC RBAC dump) carries cluster-impacting verbs over pods, secrets, and persistent volumes, providing a realistic path to full Kubernetes cluster compromise. A working PoC is published in the GHSA advisory (GHSA-f49j-v924-fx9w); no CISA KEV listing at time of analysis.

Tags: RCE, Python, Kubernetes, SSTI
Sources: NVD, GitHub
EPSS: 0.9%
CVE-2026-34906 CRITICAL Act Now

Remote code execution in Wirtualna Uczelnia (versions up to wu#2016.437.295#0#20260327_105545) allows unauthenticated network attackers to execute arbitrary commands via Server-Side Template Injection in the redirectToUrl endpoint's redirectUrlParameter. The CVSS 4.0 base score of 9.3 reflects no authentication, no user interaction, and high impact across confidentiality, integrity, and availability; no public exploit identified at time of analysis, and the issue is not listed in CISA KEV. Disclosure originated from CERT-PL, indicating a vetted advisory channel for this Polish academic management product.

Tags: RCE, SSTI
Sources: NVD
CVSS 4.0: 9.3 | EPSS: 0.3%
CVE-2026-42252 PyPI CRITICAL PATCH Act Now

Server-side template injection in Apache Airflow versions 3.0.0 through 3.2.1 allows low-privilege authenticated users to inject Jinja2 expressions via dag_run.conf parameters that are unsafely interpolated into BashOperator commands, leading to arbitrary command execution in the worker context. The flaw carries a 9.1 CVSS score, but EPSS sits at just 0.03% (9th percentile), and no public exploit has been identified at time of analysis despite a vendor patch being available. Disclosure occurred via the oss-security mailing list on 2026-05-31 alongside several other Airflow advisories.

Tags: Apache, Information Disclosure, SSTI
Sources: NVD, GitHub, VulDB
CVSS 3.1: 9.1 | EPSS: 0.0%
CVE-2026-49382 MEDIUM PATCH This Month

Template injection (SSTI) in JetBrains IntelliJ IDEA's Copyright plugin before version 2026.1 enables local code execution when a victim interacts with a maliciously crafted copyright template. The flaw, rooted in CWE-1336 (improper neutralization of template engine special elements), requires both local access and user interaction, and carries a CVSS score of 4.5 (Medium) reflecting these significant constraints. No public exploit or CISA KEV listing has been identified at time of analysis.

Tags: RCE, SSTI
Sources: NVD, VulDB
CVSS 3.1: 4.5 | EPSS: 0.0%
CVE-2026-45312 CRITICAL Act Now

Server-side template injection in RAGFlow 0.24.0 and earlier allows any authenticated user to execute arbitrary operating system commands on the host through the Jinja2-based prompt generator (rag/prompts/generator.py). Because RAGFlow installations commonly permit open self-registration, the practical barrier is minimal: an attacker registers an account, builds a Canvas workflow chaining a DuckDuckGo retrieval node with an LLM node, and triggers the SSTI to break out of the Jinja2 sandbox. No public exploit identified at time of analysis, but the vendor security advisory describes the chain explicitly.

Tags: Code Injection, SSTI
Sources: NVD, GitHub
CVSS 3.1: 9.9 | EPSS: 0.0%