Medium severity 4.7 · NVD Advisory · Published Feb 23, 2026 · Updated Apr 29, 2026
CVE-2026-2969
Description
A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special elements used in a template engine. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| datapizza-ai-core (PyPI) | <= 0.0.2 | — |
Affected products
- cpe:2.3:a:datapizza:datapizza_ai:0.0.2:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- github.com/hacktivesec/datapizza-ai-disclosure/blob/main/ssti.md (nvd; Exploit, Third Party Advisory; WEB)
- vuldb.com (nvd; Exploit, Permissions Required; WEB)
- vuldb.com (nvd; Exploit; WEB)
- github.com/advisories/GHSA-q5xx-fxv3-xxqf (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-2969 (ghsa; ADVISORY)
- vuldb.com (nvd; Third Party Advisory; WEB)