CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
Description
The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (129)
page 1 of 7

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-34300 | | Critical | 0.74 | — | 0.49 | | Jul 16, 2025 | A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl Perl web application. Exploitation allows an unauthenticated attacker to execute arbitrary commands. |
| CVE-2024-6386 | | Critical | 0.70 | 9.9 | 0.25 | | Aug 21, 2024 | The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated… |
| CVE-2024-32651 | | Critical | 0.65 | 10.0 | 0.84 | | Apr 26, 2024 | changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command… |
| CVE-2026-45312 | | Critical | 0.64 | 9.9 | 0.00 | | May 29, 2026 | RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticated user to execute arbitrary OS commands on the server. Any normal user can… |
| CVE-2026-9558 | | Critical | 0.64 | 9.9 | 0.00 | | May 29, 2026 | A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload themes can abuse this to execute… |
| CVE-2026-1868 | | Critical | 0.64 | 9.9 | 0.01 | | Feb 9, 2026 | GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insecure template expansion of user supplied… |
| CVE-2026-34906 | | Critical | 0.60 | — | 0.01 | | Jun 2, 2026 | Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and parameter redirectUrlParameter, insufficient input validation permits injection of arbitrary template… |
| CVE-2026-41901 | | Critical | 0.59 | 9.0 | 0.00 | | May 12, 2026 | Thymeleaf is a server-side Java template engine for web and standalone environments. Prior to 3.1.5.RELEASE, a security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf. Although the library provides mechanisms to avoid the execution of potentially… |
| CVE-2026-40478 | | Critical | 0.59 | 9.0 | 0.01 | | Apr 17, 2026 | Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it… |
| CVE-2026-40477 | | Critical | 0.59 | 9.0 | 0.01 | | Apr 17, 2026 | Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it… |
| CVE-2025-53833 | | Critical | 0.59 | 10.0 | 0.09 | | Jul 14, 2025 | LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could potentially lead to Remote Code Execution (RCE) in vulnerable configurations.… |
| CVE-2024-12583 | | Critical | 0.58 | 9.9 | 0.01 | | Jan 4, 2025 | The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function.… |
| CVE-2026-45697 | | Critical | 0.57 | 9.8 | 0.00 | | May 29, 2026 | Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields (with Default value → Custom) that were evaluated as Twig during submission handling, which could lead to serious compromise of the… |
| CVE-2026-42203 | | High | 0.57 | 8.8 | 0.00 | | May 8, 2026 | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run… |
| CVE-2026-28797 | | High | 0.57 | 8.8 | 0.00 | | Apr 3, 2026 | RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and prior, a Server-Side Template Injection (SSTI) vulnerability exists in RAGFlow's Agent workflow Text Processing (StringTransform) and Message components. These components use Python's… |
| CVE-2026-33654 | | Critical | 0.57 | 9.8 | 0.00 | | Mar 27, 2026 | nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module (`nanobot/channels/email.py`), allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions (and… |
| CVE-2025-10380 | | High | 0.57 | 8.8 | 0.00 | | Sep 23, 2025 | The Advanced Views – Display Posts, Custom Fields, and More plugin for WordPress is vulnerable to Server-Side Template Injection in all versions up to, and including, 3.7.19. This is due to insufficient input sanitization and lack of access control when processing custom Twig… |
| CVE-2025-32461 | | Critical | 0.57 | 9.9 | 0.01 | | Apr 9, 2025 | wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to an eval. The fixed versions are 21.12, 24.8, 27.2, and 28.3. |
| CVE-2025-25362 | | Critical | 0.57 | 9.8 | 0.01 | | Mar 5, 2025 | A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field. |
| CVE-2024-9150 | | High | 0.57 | — | 0.00 | | Feb 21, 2025 | Report generation functionality in Wyn Enterprise allows for code inclusion, but does not sufficiently limit what code might be included. An attacker is able to use a low-privilege account in order to abuse this functionality and execute malicious code, load DLL libraries and… |