High severity · 7.5 · GHSA Advisory · Published May 26, 2026 · Updated May 29, 2026
CVE-2026-44209
Description
Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment() (unsandboxed) to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt() are vulnerable to Server-Side Template Injection (SSTI), which can lead to Remote Code Execution (RCE) on the host system. This vulnerability is fixed in 2.4.2.
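An audit sketch for the pattern described above, added here and not part of the advisory or the banks project: it walks application source with Python's `ast` module and lists `Prompt()` calls whose template is not a string literal, alongside a version check against the 2.4.2 fix. The sample source, the function names, and the assumption that the template is the first argument are illustrative.

```python
import ast

# Constructed sample application source (not taken from banks or any real app).
SAMPLE_APP = '''
from banks import Prompt

def fixed(name):
    return Prompt("Summarize the notes for {{ name }}").text({"name": name})

def from_request(body):
    return Prompt(body["template"]).text({})

def from_fstring(topic):
    return Prompt(f"Write about {topic}").text({})

def from_concat(suffix):
    return Prompt("Answer briefly. " + suffix).text({})
'''

def is_affected(version):
    """True for banks releases before 2.4.2 (plain X.Y.Z versions only)."""
    return tuple(int(p) for p in version.split(".")[:3]) < (2, 4, 2)

def dynamic_prompt_templates(source):
    """Return sorted (line, kind) pairs for Prompt(...) calls whose template
    is not a plain string literal and so may carry caller-controlled syntax."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        callee = node.func
        name = callee.id if isinstance(callee, ast.Name) else getattr(callee, "attr", "")
        if name != "Prompt":
            continue
        # Assumption: the template is the first positional argument,
        # or the first keyword argument when none is positional.
        args = node.args or [kw.value for kw in node.keywords]
        if not args:
            continue
        template = args[0]
        if isinstance(template, ast.Constant) and isinstance(template.value, str):
            continue  # literal template: the author controls every tag
        findings.append((node.lineno, type(template).__name__))
    return sorted(findings)

if __name__ == "__main__":
    for line, kind in dynamic_prompt_templates(SAMPLE_APP):
        print(f"line {line}: Prompt() template built from {kind}, review its origin")
```

A flagged call is a place to trace where the template string comes from; user input belongs in the data passed to the rendered prompt, not in the template text itself.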
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| banks (PyPI) | < 2.4.2 | 2.4.2 |