Which versions of NetBox are affected by EUVD-2026-26997?

NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability that allows authenticated users with template management permissions to execute arbitrary commands on the NetBox…

Is there a public PoC exploit available for EUVD-2026-26997?

Yes, a public proof-of-concept exploit is available for EUVD-2026-26997. Prioritise patching immediately. EPSS: 0.0%.

NetBox EUVD-2026-26997

Q: What is the CVSS score of EUVD-2026-26997?

EUVD-2026-26997 has a CVSS 4.0 base score of 8.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-29514 HIGH

Permissive List of Allowed Inputs (CWE-183)

2026-05-04 VulnCheck

RCE Python

8.7

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

May 04, 2026 - 17:29 vuln.today

v2 (cvss_changed)

Re-analysis Queued

May 04, 2026 - 17:22 vuln.today

cvss_changed

CVSS changed

May 04, 2026 - 17:22 NVD

8.8 (HIGH) 8.7 (HIGH)

PoC Detected

May 04, 2026 - 17:16 vuln.today

Public exploit code

Source Code Evidence Fetched

May 04, 2026 - 17:02 vuln.today

Analysis Generated

May 04, 2026 - 17:02 vuln.today

EUVD ID Assigned

May 04, 2026 - 16:30 euvd

EUVD-2026-26997

Analysis Generated

May 04, 2026 - 16:30 vuln.today

CVE Published

May 04, 2026 - 16:05 nvd

HIGH 8.7

DescriptionNVD

NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.get_environment_params() method that allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code by specifying malicious Python callables in the environment_params field. Attackers can bypass Jinja2 SandboxedEnvironment protections by setting the finalize parameter to any importable Python callable such as subprocess.getoutput, which is invoked on every rendered expression outside the sandbox's call interception mechanism, achieving remote code execution as the NetBox service user.

AnalysisAI

Remote code execution in NetBox 4.3.5-4.5.4 allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary Python code as the NetBox service user by injecting malicious callables into Jinja2 template environment parameters. Attackers bypass SandboxedEnvironment protections by setting the finalize parameter to dangerous imports like subprocess.getoutput, which executes on every rendered expression outside sandbox call interception. …

RemediationAI

Within 24 hours: Identify all NetBox instances running versions 4.3.5-4.5.4 and document users with exporttemplate or configtemplate permissions. Within 7 days: Restrict template management permissions to only trusted administrators; audit recent template modifications for suspicious changes. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-26997 vulnerability details – vuln.today

Back

NetBox EUVD-2026-26997

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

NetBox EUVD-2026-26997

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code