Skip to main content

Strix

1 CVEs product

Monthly

CVE-2026-15519 LOW POC Monitor

Inclusion of functionality from an untrusted control sphere in usestrix strix (up to v1.0.2) allows remote attackers to manipulate the system_prompt.jinja template within the PyPI Handler component, achieving limited confidentiality, integrity, and availability impact. The CVSS 4.0 score of 2.3 reflects high attack complexity and required passive user interaction, placing real-world exploitation difficulty considerably higher than the network-facing attack vector alone implies. A public proof-of-concept is available on GitHub; no patch has been issued and the vendor has not responded to disclosure.

Information Disclosure Strix
NVD VulDB GitHub
CVSS 4.0
1.3
EPSS
0.2%
EPSS 0% CVSS 1.3
LOW POC Monitor

Inclusion of functionality from an untrusted control sphere in usestrix strix (up to v1.0.2) allows remote attackers to manipulate the system_prompt.jinja template within the PyPI Handler component, achieving limited confidentiality, integrity, and availability impact. The CVSS 4.0 score of 2.3 reflects high attack complexity and required passive user interaction, placing real-world exploitation difficulty considerably higher than the network-facing attack vector alone implies. A public proof-of-concept is available on GitHub; no patch has been issued and the vendor has not responded to disclosure.

Information Disclosure Strix
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy